Annotation of src/usr.bin/openssl/openssl.1, Revision 1.115
1.115 ! inoguchi 1: .\" $OpenBSD: openssl.1,v 1.114 2019/10/04 06:22:51 jmc Exp $
1.1 jsing 2: .\" ====================================================================
3: .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\"
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\"
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in
14: .\" the documentation and/or other materials provided with the
15: .\" distribution.
16: .\"
17: .\" 3. All advertising materials mentioning features or use of this
18: .\" software must display the following acknowledgment:
19: .\" "This product includes software developed by the OpenSSL Project
20: .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21: .\"
22: .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23: .\" endorse or promote products derived from this software without
24: .\" prior written permission. For written permission, please contact
25: .\" openssl-core@openssl.org.
26: .\"
27: .\" 5. Products derived from this software may not be called "OpenSSL"
28: .\" nor may "OpenSSL" appear in their names without prior written
29: .\" permission of the OpenSSL Project.
30: .\"
31: .\" 6. Redistributions of any form whatsoever must retain the following
32: .\" acknowledgment:
33: .\" "This product includes software developed by the OpenSSL Project
34: .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35: .\"
36: .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37: .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39: .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40: .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41: .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43: .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45: .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46: .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47: .\" OF THE POSSIBILITY OF SUCH DAMAGE.
48: .\" ====================================================================
49: .\"
50: .\" This product includes cryptographic software written by Eric Young
51: .\" (eay@cryptsoft.com). This product includes software written by Tim
52: .\" Hudson (tjh@cryptsoft.com).
53: .\"
54: .\"
55: .\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
56: .\" All rights reserved.
57: .\"
58: .\" This package is an SSL implementation written
59: .\" by Eric Young (eay@cryptsoft.com).
60: .\" The implementation was written so as to conform with Netscapes SSL.
61: .\"
62: .\" This library is free for commercial and non-commercial use as long as
63: .\" the following conditions are aheared to. The following conditions
64: .\" apply to all code found in this distribution, be it the RC4, RSA,
65: .\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
66: .\" included with this distribution is covered by the same copyright terms
67: .\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
68: .\"
69: .\" Copyright remains Eric Young's, and as such any Copyright notices in
70: .\" the code are not to be removed.
71: .\" If this package is used in a product, Eric Young should be given attribution
72: .\" as the author of the parts of the library used.
73: .\" This can be in the form of a textual message at program startup or
74: .\" in documentation (online or textual) provided with the package.
75: .\"
76: .\" Redistribution and use in source and binary forms, with or without
77: .\" modification, are permitted provided that the following conditions
78: .\" are met:
79: .\" 1. Redistributions of source code must retain the copyright
80: .\" notice, this list of conditions and the following disclaimer.
81: .\" 2. Redistributions in binary form must reproduce the above copyright
82: .\" notice, this list of conditions and the following disclaimer in the
83: .\" documentation and/or other materials provided with the distribution.
84: .\" 3. All advertising materials mentioning features or use of this software
85: .\" must display the following acknowledgement:
86: .\" "This product includes cryptographic software written by
87: .\" Eric Young (eay@cryptsoft.com)"
88: .\" The word 'cryptographic' can be left out if the rouines from the library
89: .\" being used are not cryptographic related :-).
90: .\" 4. If you include any Windows specific code (or a derivative thereof) from
91: .\" the apps directory (application code) you must include an
92: .\" acknowledgement:
93: .\" "This product includes software written by Tim Hudson
94: .\" (tjh@cryptsoft.com)"
95: .\"
96: .\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
97: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
98: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
99: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
100: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
101: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
102: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
103: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
104: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
105: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
106: .\" SUCH DAMAGE.
107: .\"
108: .\" The licence and distribution terms for any publically available version or
109: .\" derivative of this code cannot be changed. i.e. this code cannot simply be
110: .\" copied and put under another distribution licence
111: .\" [including the GNU Public Licence.]
112: .\"
1.115 ! inoguchi 113: .Dd $Mdocdate: October 4 2019 $
1.1 jsing 114: .Dt OPENSSL 1
115: .Os
116: .Sh NAME
117: .Nm openssl
118: .Nd OpenSSL command line tool
119: .Sh SYNOPSIS
120: .Nm
1.90 schwarze 121: .Ar command
1.1 jsing 122: .Op Ar command_opts
123: .Op Ar command_args
124: .Pp
125: .Nm
1.13 bentley 126: .Cm list-standard-commands |
127: .Cm list-message-digest-commands |
128: .Cm list-cipher-commands |
129: .Cm list-cipher-algorithms |
130: .Cm list-message-digest-algorithms |
1.1 jsing 131: .Cm list-public-key-algorithms
132: .Pp
133: .Nm
1.39 jmc 134: .Cm no- Ns Ar command
1.1 jsing 135: .Sh DESCRIPTION
136: .Nm OpenSSL
1.31 jmc 137: is a cryptography toolkit implementing the
138: Transport Layer Security
1.1 jsing 139: .Pq TLS v1
1.31 jmc 140: network protocol,
141: as well as related cryptography standards.
1.1 jsing 142: .Pp
143: The
144: .Nm
145: program is a command line tool for using the various
146: cryptography functions of
1.39 jmc 147: .Nm openssl Ns 's
1.33 jmc 148: crypto library from the shell.
1.1 jsing 149: .Pp
150: The pseudo-commands
151: .Cm list-standard-commands , list-message-digest-commands ,
152: and
153: .Cm list-cipher-commands
154: output a list
155: .Pq one entry per line
156: of the names of all standard commands, message digest commands,
157: or cipher commands, respectively, that are available in the present
158: .Nm
159: utility.
160: .Pp
161: The pseudo-commands
162: .Cm list-cipher-algorithms
163: and
164: .Cm list-message-digest-algorithms
165: list all cipher and message digest names,
166: one entry per line.
167: Aliases are listed as:
168: .Pp
1.33 jmc 169: .D1 from => to
1.1 jsing 170: .Pp
171: The pseudo-command
172: .Cm list-public-key-algorithms
173: lists all supported public key algorithms.
174: .Pp
175: The pseudo-command
1.39 jmc 176: .Cm no- Ns Ar command
1.1 jsing 177: tests whether a command of the
178: specified name is available.
1.39 jmc 179: If
180: .Ar command
181: does not exist,
1.1 jsing 182: it returns 0
183: and prints
1.39 jmc 184: .Cm no- Ns Ar command ;
1.1 jsing 185: otherwise it returns 1 and prints
1.39 jmc 186: .Ar command .
187: In both cases, the output goes to stdout and nothing is printed to stderr.
1.1 jsing 188: Additional command line arguments are always ignored.
189: Since for each cipher there is a command of the same name,
190: this provides an easy way for shell scripts to test for the
191: availability of ciphers in the
192: .Nm
193: program.
194: .Pp
195: .Sy Note :
1.39 jmc 196: .Cm no- Ns Ar command
1.1 jsing 197: is not able to detect pseudo-commands such as
198: .Cm quit ,
199: .Cm list- Ns Ar ... Ns Cm -commands ,
200: or
1.39 jmc 201: .Cm no- Ns Ar command
1.1 jsing 202: itself.
203: .Sh ASN1PARSE
1.114 jmc 204: .Bl -hang -width "openssl asn1parse"
205: .It Nm openssl asn1parse
206: .Bk -words
1.1 jsing 207: .Op Fl i
208: .Op Fl dlimit Ar number
209: .Op Fl dump
210: .Op Fl genconf Ar file
211: .Op Fl genstr Ar str
212: .Op Fl in Ar file
1.34 jmc 213: .Op Fl inform Cm der | pem | txt
1.1 jsing 214: .Op Fl length Ar number
215: .Op Fl noout
216: .Op Fl offset Ar number
217: .Op Fl oid Ar file
218: .Op Fl out Ar file
219: .Op Fl strparse Ar offset
1.114 jmc 220: .Ek
221: .El
1.1 jsing 222: .Pp
223: The
224: .Nm asn1parse
225: command is a diagnostic utility that can parse ASN.1 structures.
226: It can also be used to extract data from ASN.1 formatted data.
227: .Pp
228: The options are as follows:
229: .Bl -tag -width Ds
230: .It Fl dlimit Ar number
231: Dump the first
232: .Ar number
233: bytes of unknown data in hex form.
234: .It Fl dump
235: Dump unknown data in hex form.
236: .It Fl genconf Ar file , Fl genstr Ar str
237: Generate encoded data based on string
238: .Ar str ,
239: file
240: .Ar file ,
1.34 jmc 241: or both, using the format described in
242: .Xr ASN1_generate_nconf 3 .
1.1 jsing 243: If only
244: .Ar file
245: is present then the string is obtained from the default section
246: using the name
247: .Dq asn1 .
1.84 jmc 248: The encoded data is passed through the ASN.1 parser and printed out as
1.1 jsing 249: though it came from a file;
250: the contents can thus be examined and written to a file using the
251: .Fl out
252: option.
253: .It Fl i
1.34 jmc 254: Indent the output according to the
1.1 jsing 255: .Qq depth
256: of the structures.
257: .It Fl in Ar file
1.41 jmc 258: The input file to read from, or standard input if not specified.
1.34 jmc 259: .It Fl inform Cm der | pem | txt
1.1 jsing 260: The input format.
261: .It Fl length Ar number
1.34 jmc 262: Number of bytes to parse; the default is until end of file.
1.1 jsing 263: .It Fl noout
1.46 jmc 264: Do not output the parsed version of the input file.
1.1 jsing 265: .It Fl offset Ar number
1.34 jmc 266: Starting offset to begin parsing; the default is start of file.
1.1 jsing 267: .It Fl oid Ar file
268: A file containing additional object identifiers
269: .Pq OIDs .
270: If an OID
271: .Pq object identifier
272: is not part of
1.34 jmc 273: .Nm openssl Ns 's
1.1 jsing 274: internal table it will be represented in
275: numerical form
276: .Pq for example 1.2.3.4 .
1.34 jmc 277: .Pp
1.1 jsing 278: Each line consists of three columns:
279: the first column is the OID in numerical format and should be followed by
280: whitespace.
281: The second column is the
1.34 jmc 282: .Qq short name ,
1.1 jsing 283: which is a single word followed by whitespace.
284: The final column is the rest of the line and is the
285: .Qq long name .
286: .Nm asn1parse
287: displays the long name.
1.34 jmc 288: .It Fl out Ar file
289: The DER-encoded output file; the default is no encoded output
290: (useful when combined with
291: .Fl strparse ) .
292: .It Fl strparse Ar offset
293: Parse the content octets of the ASN.1 object starting at
294: .Ar offset .
295: This option can be used multiple times to
296: .Qq drill down
297: into a nested structure.
298: .El
1.1 jsing 299: .Sh CA
1.114 jmc 300: .Bl -hang -width "openssl ca"
301: .It Nm openssl ca
302: .Bk -words
1.1 jsing 303: .Op Fl batch
304: .Op Fl cert Ar file
305: .Op Fl config Ar file
1.91 schwarze 306: .Op Fl create_serial
1.1 jsing 307: .Op Fl crl_CA_compromise Ar time
308: .Op Fl crl_compromise Ar time
309: .Op Fl crl_hold Ar instruction
310: .Op Fl crl_reason Ar reason
311: .Op Fl crldays Ar days
312: .Op Fl crlexts Ar section
313: .Op Fl crlhours Ar hours
1.103 inoguchi 314: .Op Fl crlsec Ar seconds
1.1 jsing 315: .Op Fl days Ar arg
316: .Op Fl enddate Ar date
317: .Op Fl extensions Ar section
1.103 inoguchi 318: .Op Fl extfile Ar file
1.1 jsing 319: .Op Fl gencrl
320: .Op Fl in Ar file
321: .Op Fl infiles
1.91 schwarze 322: .Op Fl key Ar password
1.103 inoguchi 323: .Op Fl keyfile Ar file
1.91 schwarze 324: .Op Fl keyform Cm pem | der
1.103 inoguchi 325: .Op Fl md Ar alg
1.1 jsing 326: .Op Fl msie_hack
1.107 inoguchi 327: .Op Fl multivalue-rdn
1.1 jsing 328: .Op Fl name Ar section
329: .Op Fl noemailDN
330: .Op Fl notext
331: .Op Fl out Ar file
1.103 inoguchi 332: .Op Fl outdir Ar directory
1.1 jsing 333: .Op Fl passin Ar arg
334: .Op Fl policy Ar arg
335: .Op Fl preserveDN
336: .Op Fl revoke Ar file
1.91 schwarze 337: .Op Fl selfsign
1.103 inoguchi 338: .Op Fl sigopt Ar nm:v
1.1 jsing 339: .Op Fl spkac Ar file
340: .Op Fl ss_cert Ar file
341: .Op Fl startdate Ar date
342: .Op Fl status Ar serial
343: .Op Fl subj Ar arg
344: .Op Fl updatedb
1.91 schwarze 345: .Op Fl utf8
1.1 jsing 346: .Op Fl verbose
1.114 jmc 347: .Ek
348: .El
1.1 jsing 349: .Pp
350: The
351: .Nm ca
1.35 jmc 352: command is a minimal certificate authority (CA) application.
1.1 jsing 353: It can be used to sign certificate requests in a variety of forms
1.35 jmc 354: and generate certificate revocation lists (CRLs).
1.1 jsing 355: It also maintains a text database of issued certificates and their status.
356: .Pp
1.35 jmc 357: The options relevant to CAs are as follows:
1.1 jsing 358: .Bl -tag -width "XXXX"
359: .It Fl batch
1.41 jmc 360: Batch mode.
1.1 jsing 361: In this mode no questions will be asked
362: and all certificates will be certified automatically.
363: .It Fl cert Ar file
364: The CA certificate file.
365: .It Fl config Ar file
1.72 jmc 366: Specify an alternative configuration file.
1.91 schwarze 367: .It Fl create_serial
368: If reading the serial from the text file as specified in the
369: configuration fails, create a new random serial to be used as the
370: next serial number.
1.1 jsing 371: .It Fl days Ar arg
372: The number of days to certify the certificate for.
373: .It Fl enddate Ar date
1.41 jmc 374: Set the expiry date.
1.88 jmc 375: The format of the date is [YY]YYMMDDHHMMSSZ,
376: with all four year digits required for dates from 2050 onwards.
1.1 jsing 377: .It Fl extensions Ar section
378: The section of the configuration file containing certificate extensions
379: to be added when a certificate is issued (defaults to
1.35 jmc 380: .Cm x509_extensions
1.1 jsing 381: unless the
382: .Fl extfile
383: option is used).
384: If no extension section is present, a V1 certificate is created.
385: If the extension section is present
386: .Pq even if it is empty ,
387: then a V3 certificate is created.
1.91 schwarze 388: See the
389: .Xr x509v3.cnf 5
390: manual page for details of the extension section format.
1.1 jsing 391: .It Fl extfile Ar file
392: An additional configuration
393: .Ar file
394: to read certificate extensions from
395: (using the default section unless the
396: .Fl extensions
397: option is also used).
398: .It Fl in Ar file
399: An input
400: .Ar file
401: containing a single certificate request to be signed by the CA.
402: .It Fl infiles
403: If present, this should be the last option; all subsequent arguments
404: are assumed to be the names of files containing certificate requests.
1.91 schwarze 405: .It Fl key Ar password
406: The
407: .Fa password
408: used to encrypt the private key.
1.35 jmc 409: Since on some systems the command line arguments are visible,
410: this option should be used with caution.
1.1 jsing 411: .It Fl keyfile Ar file
412: The private key to sign requests with.
1.91 schwarze 413: .It Fl keyform Cm pem | der
1.1 jsing 414: Private key file format.
1.91 schwarze 415: The default is
416: .Cm pem .
1.1 jsing 417: .It Fl md Ar alg
418: The message digest to use.
419: Possible values include
420: .Ar md5
421: and
422: .Ar sha1 .
423: This option also applies to CRLs.
424: .It Fl msie_hack
425: This is a legacy option to make
426: .Nm ca
427: work with very old versions of the IE certificate enrollment control
428: .Qq certenr3 .
429: It used UniversalStrings for almost everything.
430: Since the old control has various security bugs,
431: its use is strongly discouraged.
432: The newer control
433: .Qq Xenroll
434: does not need this option.
1.107 inoguchi 435: .It Fl multivalue-rdn
1.91 schwarze 436: This option causes the
437: .Fl subj
438: argument to be interpreted with full support for multivalued RDNs,
439: for example
440: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
441: If
1.107 inoguchi 442: .Fl multivalue-rdn
1.91 schwarze 443: is not used, the UID value is set to
444: .Qq "123456+CN=John Doe" .
1.1 jsing 445: .It Fl name Ar section
446: Specifies the configuration file
447: .Ar section
448: to use (overrides
449: .Cm default_ca
450: in the
451: .Cm ca
452: section).
453: .It Fl noemailDN
454: The DN of a certificate can contain the EMAIL field if present in the
1.30 mmcc 455: request DN, however it is good policy just having the email set into
1.1 jsing 456: the
1.35 jmc 457: .Cm altName
1.1 jsing 458: extension of the certificate.
459: When this option is set, the EMAIL field is removed from the certificate's
460: subject and set only in the, eventually present, extensions.
461: The
462: .Ar email_in_dn
463: keyword can be used in the configuration file to enable this behaviour.
464: .It Fl notext
465: Don't output the text form of a certificate to the output file.
466: .It Fl out Ar file
467: The output file to output certificates to.
468: The default is standard output.
1.91 schwarze 469: The certificate details will also be printed out to this file in
470: PEM format, except that
471: .Fl spkac
472: outputs DER format.
1.1 jsing 473: .It Fl outdir Ar directory
474: The
475: .Ar directory
476: to output certificates to.
477: The certificate will be written to a file consisting of the
478: serial number in hex with
479: .Qq .pem
480: appended.
481: .It Fl passin Ar arg
482: The key password source.
483: .It Fl policy Ar arg
1.41 jmc 484: Define the CA
1.1 jsing 485: .Qq policy
486: to use.
1.35 jmc 487: The policy section in the configuration file
488: consists of a set of variables corresponding to certificate DN fields.
489: The values may be one of
490: .Qq match
491: (the value must match the same field in the CA certificate),
492: .Qq supplied
493: (the value must be present), or
494: .Qq optional
495: (the value may be present).
496: Any fields not mentioned in the policy section
497: are silently deleted, unless the
498: .Fl preserveDN
499: option is set,
500: but this can be regarded more of a quirk than intended behaviour.
1.1 jsing 501: .It Fl preserveDN
502: Normally, the DN order of a certificate is the same as the order of the
503: fields in the relevant policy section.
504: When this option is set, the order is the same as the request.
505: This is largely for compatibility with the older IE enrollment control
506: which would only accept certificates if their DNs matched the order of the
507: request.
508: This is not needed for Xenroll.
1.91 schwarze 509: .It Fl selfsign
510: Indicates the issued certificates are to be signed with the key the
511: certificate requests were signed with, given with
512: .Fl keyfile .
513: Certificate requests signed with a different key are ignored.
514: If
515: .Fl gencrl ,
516: .Fl spkac ,
517: or
518: .Fl ss_cert
519: are given,
520: .Fl selfsign
521: is ignored.
522: .Pp
523: A consequence of using
524: .Fl selfsign
525: is that the self-signed certificate appears among the entries in
526: the certificate database (see the configuration option
527: .Cm database )
528: and uses the same serial number counter as all other certificates
529: signed with the self-signed certificate.
1.103 inoguchi 530: .It Fl sigopt Ar nm:v
531: Pass options to the signature algorithm during sign or certify operations.
532: The names and values of these options are algorithm-specific.
1.1 jsing 533: .It Fl spkac Ar file
534: A file containing a single Netscape signed public key and challenge,
535: and additional field values to be signed by the CA.
1.35 jmc 536: This will usually come from the
537: KEYGEN tag in an HTML form to create a new private key.
538: It is, however, possible to create SPKACs using the
539: .Nm spkac
540: utility.
541: .Pp
542: The file should contain the variable SPKAC set to the value of
543: the SPKAC and also the required DN components as name value pairs.
544: If it's necessary to include the same component twice,
545: then it can be preceded by a number and a
546: .Sq \&. .
1.1 jsing 547: .It Fl ss_cert Ar file
548: A single self-signed certificate to be signed by the CA.
549: .It Fl startdate Ar date
1.41 jmc 550: Set the start date.
1.88 jmc 551: The format of the date is [YY]YYMMDDHHMMSSZ,
552: with all four year digits required for dates from 2050 onwards.
1.91 schwarze 553: .It Fl subj Ar arg
554: Supersedes the subject name given in the request.
555: The
556: .Ar arg
557: must be formatted as
558: .Sm off
559: .Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
560: .Ar type2 Ns = Ar ... ;
561: .Sm on
562: characters may be escaped by
563: .Sq \e
564: .Pq backslash ,
565: no spaces are skipped.
566: .It Fl utf8
567: Interpret field values read from a terminal or obtained from a
568: configuration file as UTF-8 strings.
569: By default, they are interpreted as ASCII.
1.1 jsing 570: .It Fl verbose
1.41 jmc 571: Print extra details about the operations being performed.
1.1 jsing 572: .El
1.35 jmc 573: .Pp
574: The options relevant to CRLs are as follows:
1.1 jsing 575: .Bl -tag -width "XXXX"
576: .It Fl crl_CA_compromise Ar time
577: This is the same as
578: .Fl crl_compromise ,
579: except the revocation reason is set to CACompromise.
580: .It Fl crl_compromise Ar time
1.41 jmc 581: Set the revocation reason to keyCompromise and the compromise time to
1.1 jsing 582: .Ar time .
583: .Ar time
584: should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
585: .It Fl crl_hold Ar instruction
1.41 jmc 586: Set the CRL revocation reason code to certificateHold and the hold
1.1 jsing 587: instruction to
588: .Ar instruction
589: which must be an OID.
590: Although any OID can be used, only holdInstructionNone
591: (the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
592: holdInstructionReject will normally be used.
593: .It Fl crl_reason Ar reason
594: Revocation reason, where
595: .Ar reason
596: is one of:
597: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
598: cessationOfOperation, certificateHold or removeFromCRL.
599: The matching of
600: .Ar reason
601: is case insensitive.
602: Setting any revocation reason will make the CRL v2.
603: In practice, removeFromCRL is not particularly useful because it is only used
604: in delta CRLs which are not currently implemented.
1.103 inoguchi 605: .It Fl crldays Ar days
1.1 jsing 606: The number of days before the next CRL is due.
607: This is the days from now to place in the CRL
1.35 jmc 608: .Cm nextUpdate
1.1 jsing 609: field.
610: .It Fl crlexts Ar section
611: The
612: .Ar section
613: of the configuration file containing CRL extensions to include.
614: If no CRL extension section is present then a V1 CRL is created;
615: if the CRL extension section is present
1.81 jmc 616: (even if it is empty)
1.1 jsing 617: then a V2 CRL is created.
1.81 jmc 618: The CRL extensions specified are CRL extensions and not CRL entry extensions.
619: It should be noted that some software can't handle V2 CRLs.
1.91 schwarze 620: See the
621: .Xr x509v3.cnf 5
622: manual page for details of the extension section format.
1.103 inoguchi 623: .It Fl crlhours Ar hours
1.1 jsing 624: The number of hours before the next CRL is due.
1.103 inoguchi 625: .It Fl crlsec Ar seconds
626: The number of seconds before the next CRL is due.
1.1 jsing 627: .It Fl gencrl
1.41 jmc 628: Generate a CRL based on information in the index file.
1.1 jsing 629: .It Fl revoke Ar file
630: A
631: .Ar file
632: containing a certificate to revoke.
1.91 schwarze 633: .It Fl status Ar serial
634: Show the status of the certificate with serial number
635: .Ar serial .
636: .It Fl updatedb
637: Update the database index to purge expired certificates.
1.1 jsing 638: .El
639: .Pp
1.35 jmc 640: Many of the options can be set in the
641: .Cm ca
642: section of the configuration file
643: (or in the default section of the configuration file),
644: specified using
645: .Cm default_ca
646: or
647: .Fl name .
648: The options
649: .Cm preserve
650: and
651: .Cm msie_hack
652: are read directly from the
653: .Cm ca
654: section.
1.1 jsing 655: .Pp
656: Many of the configuration file options are identical to command line
657: options.
658: Where the option is present in the configuration file and the command line,
659: the command line value is used.
660: Where an option is described as mandatory, then it must be present in
661: the configuration file or the command line equivalent
662: .Pq if any
663: used.
664: .Bl -tag -width "XXXX"
1.35 jmc 665: .It Cm certificate
1.1 jsing 666: The same as
667: .Fl cert .
668: It gives the file containing the CA certificate.
669: Mandatory.
1.35 jmc 670: .It Cm copy_extensions
1.1 jsing 671: Determines how extensions in certificate requests should be handled.
672: If set to
1.35 jmc 673: .Cm none
1.1 jsing 674: or this option is not present, then extensions are
675: ignored and not copied to the certificate.
676: If set to
1.35 jmc 677: .Cm copy ,
1.1 jsing 678: then any extensions present in the request that are not already present
679: are copied to the certificate.
680: If set to
1.35 jmc 681: .Cm copyall ,
1.1 jsing 682: then all extensions in the request are copied to the certificate:
683: if the extension is already present in the certificate it is deleted first.
1.35 jmc 684: .Pp
685: The
686: .Cm copy_extensions
687: option should be used with caution.
688: If care is not taken, it can be a security risk.
689: For example, if a certificate request contains a
690: .Cm basicConstraints
691: extension with CA:TRUE and the
692: .Cm copy_extensions
693: value is set to
694: .Cm copyall
695: and the user does not spot
1.91 schwarze 696: this when the certificate is displayed, then this will hand the requester
1.35 jmc 697: a valid CA certificate.
698: .Pp
699: This situation can be avoided by setting
700: .Cm copy_extensions
701: to
702: .Cm copy
703: and including
704: .Cm basicConstraints
705: with CA:FALSE in the configuration file.
706: Then if the request contains a
707: .Cm basicConstraints
708: extension, it will be ignored.
1.1 jsing 709: .Pp
710: The main use of this option is to allow a certificate request to supply
711: values for certain extensions such as
1.35 jmc 712: .Cm subjectAltName .
713: .It Cm crl_extensions
1.1 jsing 714: The same as
715: .Fl crlexts .
1.35 jmc 716: .It Cm crlnumber
1.1 jsing 717: A text file containing the next CRL number to use in hex.
718: The CRL number will be inserted in the CRLs only if this file exists.
719: If this file is present, it must contain a valid CRL number.
1.35 jmc 720: .It Cm database
1.1 jsing 721: The text database file to use.
722: Mandatory.
723: This file must be present, though initially it will be empty.
1.35 jmc 724: .It Cm default_crl_hours , default_crl_days
1.1 jsing 725: The same as the
726: .Fl crlhours
727: and
728: .Fl crldays
729: options.
730: These will only be used if neither command line option is present.
731: At least one of these must be present to generate a CRL.
1.35 jmc 732: .It Cm default_days
1.1 jsing 733: The same as the
734: .Fl days
735: option.
736: The number of days to certify a certificate for.
1.35 jmc 737: .It Cm default_enddate
1.1 jsing 738: The same as the
739: .Fl enddate
740: option.
741: Either this option or
1.35 jmc 742: .Cm default_days
1.1 jsing 743: .Pq or the command line equivalents
744: must be present.
1.35 jmc 745: .It Cm default_md
1.1 jsing 746: The same as the
747: .Fl md
748: option.
749: The message digest to use.
750: Mandatory.
1.35 jmc 751: .It Cm default_startdate
1.1 jsing 752: The same as the
753: .Fl startdate
754: option.
755: The start date to certify a certificate for.
756: If not set, the current time is used.
1.35 jmc 757: .It Cm email_in_dn
1.1 jsing 758: The same as
759: .Fl noemailDN .
760: If the EMAIL field is to be removed from the DN of the certificate,
761: simply set this to
762: .Qq no .
763: If not present, the default is to allow for the EMAIL field in the
764: certificate's DN.
1.35 jmc 765: .It Cm msie_hack
1.1 jsing 766: The same as
767: .Fl msie_hack .
1.35 jmc 768: .It Cm name_opt , cert_opt
1.1 jsing 769: These options allow the format used to display the certificate details
770: when asking the user to confirm signing.
771: All the options supported by the
772: .Nm x509
773: utilities'
774: .Fl nameopt
775: and
776: .Fl certopt
777: switches can be used here, except that
1.35 jmc 778: .Cm no_signame
1.1 jsing 779: and
1.35 jmc 780: .Cm no_sigdump
1.1 jsing 781: are permanently set and cannot be disabled
782: (this is because the certificate signature cannot be displayed because
783: the certificate has not been signed at this point).
784: .Pp
785: For convenience, the value
1.35 jmc 786: .Cm ca_default
1.1 jsing 787: is accepted by both to produce a reasonable output.
788: .Pp
789: If neither option is present, the format used in earlier versions of
1.35 jmc 790: .Nm openssl
1.1 jsing 791: is used.
1.81 jmc 792: Use of the old format is strongly discouraged
793: because it only displays fields mentioned in the
1.35 jmc 794: .Cm policy
1.1 jsing 795: section,
796: mishandles multicharacter string types and does not display extensions.
1.35 jmc 797: .It Cm new_certs_dir
1.1 jsing 798: The same as the
799: .Fl outdir
800: command line option.
801: It specifies the directory where new certificates will be placed.
802: Mandatory.
1.35 jmc 803: .It Cm oid_file
1.1 jsing 804: This specifies a file containing additional object identifiers.
805: Each line of the file should consist of the numerical form of the
806: object identifier followed by whitespace, then the short name followed
807: by whitespace and finally the long name.
1.35 jmc 808: .It Cm oid_section
1.1 jsing 809: This specifies a section in the configuration file containing extra
810: object identifiers.
811: Each line should consist of the short name of the object identifier
812: followed by
813: .Sq =
814: and the numerical form.
815: The short and long names are the same when this option is used.
1.35 jmc 816: .It Cm policy
1.1 jsing 817: The same as
818: .Fl policy .
819: Mandatory.
1.35 jmc 820: .It Cm preserve
1.1 jsing 821: The same as
822: .Fl preserveDN .
1.35 jmc 823: .It Cm private_key
1.1 jsing 824: Same as the
825: .Fl keyfile
826: option.
827: The file containing the CA private key.
828: Mandatory.
1.35 jmc 829: .It Cm serial
1.1 jsing 830: A text file containing the next serial number to use in hex.
831: Mandatory.
832: This file must be present and contain a valid serial number.
1.35 jmc 833: .It Cm unique_subject
1.1 jsing 834: If the value
1.35 jmc 835: .Cm yes
1.1 jsing 836: is given, the valid certificate entries in the
837: database must have unique subjects.
838: If the value
1.35 jmc 839: .Cm no
1.1 jsing 840: is given,
841: several valid certificate entries may have the exact same subject.
842: The default value is
1.35 jmc 843: .Cm yes .
844: .It Cm x509_extensions
1.1 jsing 845: The same as
846: .Fl extensions .
847: .El
848: .Sh CIPHERS
849: .Nm openssl ciphers
850: .Op Fl hVv
1.93 schwarze 851: .Op Ar control
1.1 jsing 852: .Pp
853: The
854: .Nm ciphers
1.93 schwarze 855: command converts the
856: .Ar control
857: string from the format documented in
858: .Xr SSL_CTX_set_cipher_list 3
859: into an ordered SSL cipher suite preference list.
860: If no
861: .Ar control
862: string is specified, the
863: .Cm DEFAULT
864: list is printed.
1.1 jsing 865: .Pp
866: The options are as follows:
867: .Bl -tag -width Ds
868: .It Fl h , \&?
869: Print a brief usage message.
870: .It Fl V
1.36 jmc 871: Verbose.
1.92 schwarze 872: List ciphers with cipher suite code in hex format,
873: cipher name, and a complete description of protocol version,
874: key exchange, authentication, encryption, and mac algorithms.
1.36 jmc 875: .It Fl v
1.1 jsing 876: Like
1.36 jmc 877: .Fl V ,
878: but without cipher suite codes.
1.1 jsing 879: .El
880: .Sh CRL
1.114 jmc 881: .Bl -hang -width "openssl crl"
882: .It Nm openssl crl
883: .Bk -words
1.1 jsing 884: .Op Fl CAfile Ar file
885: .Op Fl CApath Ar dir
1.104 inoguchi 886: .Op Fl crlnumber
1.1 jsing 887: .Op Fl fingerprint
888: .Op Fl hash
1.104 inoguchi 889: .Op Fl hash_old
1.1 jsing 890: .Op Fl in Ar file
1.38 jmc 891: .Op Fl inform Cm der | pem
1.1 jsing 892: .Op Fl issuer
893: .Op Fl lastupdate
1.104 inoguchi 894: .Op Fl nameopt Ar option
1.1 jsing 895: .Op Fl nextupdate
896: .Op Fl noout
897: .Op Fl out Ar file
1.38 jmc 898: .Op Fl outform Cm der | pem
1.1 jsing 899: .Op Fl text
1.104 inoguchi 900: .Op Fl verify
1.114 jmc 901: .Ek
902: .El
1.1 jsing 903: .Pp
904: The
905: .Nm crl
906: command processes CRL files in DER or PEM format.
1.37 jmc 907: .Pp
1.1 jsing 908: The options are as follows:
909: .Bl -tag -width Ds
910: .It Fl CAfile Ar file
911: Verify the signature on a CRL by looking up the issuing certificate in
912: .Ar file .
913: .It Fl CApath Ar directory
914: Verify the signature on a CRL by looking up the issuing certificate in
915: .Ar dir .
916: This directory must be a standard certificate directory,
917: i.e. a hash of each subject name (using
918: .Cm x509 Fl hash )
919: should be linked to each certificate.
1.104 inoguchi 920: .It Fl crlnumber
921: Print the CRL number.
1.1 jsing 922: .It Fl fingerprint
923: Print the CRL fingerprint.
924: .It Fl hash
925: Output a hash of the issuer name.
926: This can be used to look up CRLs in a directory by issuer name.
1.104 inoguchi 927: .It Fl hash_old
928: Output an old-style (MD5) hash of the issuer name.
1.1 jsing 929: .It Fl in Ar file
1.37 jmc 930: The input file to read from, or standard input if not specified.
1.38 jmc 931: .It Fl inform Cm der | pem
1.37 jmc 932: The input format.
1.1 jsing 933: .It Fl issuer
934: Output the issuer name.
935: .It Fl lastupdate
936: Output the
1.37 jmc 937: .Cm lastUpdate
1.1 jsing 938: field.
1.104 inoguchi 939: .It Fl nameopt Ar option
940: Specify certificate name options.
1.1 jsing 941: .It Fl nextupdate
942: Output the
1.37 jmc 943: .Cm nextUpdate
1.1 jsing 944: field.
945: .It Fl noout
1.46 jmc 946: Do not output the encoded version of the CRL.
1.1 jsing 947: .It Fl out Ar file
1.37 jmc 948: The output file to write to, or standard output if not specified.
1.38 jmc 949: .It Fl outform Cm der | pem
1.37 jmc 950: The output format.
1.1 jsing 951: .It Fl text
1.64 jmc 952: Print the CRL in plain text.
1.104 inoguchi 953: .It Fl verify
954: Verify the signature on the CRL.
1.1 jsing 955: .El
956: .Sh CRL2PKCS7
1.114 jmc 957: .Bl -hang -width "openssl crl2pkcs7"
958: .It Nm openssl crl2pkcs7
959: .Bk -words
1.1 jsing 960: .Op Fl certfile Ar file
961: .Op Fl in Ar file
1.40 jmc 962: .Op Fl inform Cm der | pem
1.1 jsing 963: .Op Fl nocrl
964: .Op Fl out Ar file
1.40 jmc 965: .Op Fl outform Cm der | pem
1.114 jmc 966: .Ek
967: .El
1.1 jsing 968: .Pp
969: The
970: .Nm crl2pkcs7
971: command takes an optional CRL and one or more
972: certificates and converts them into a PKCS#7 degenerate
973: .Qq certificates only
974: structure.
975: .Pp
976: The options are as follows:
977: .Bl -tag -width Ds
978: .It Fl certfile Ar file
1.40 jmc 979: Add the certificates in PEM
1.1 jsing 980: .Ar file
1.40 jmc 981: to the PKCS#7 structure.
982: This option can be used more than once
983: to read certificates from multiple files.
1.1 jsing 984: .It Fl in Ar file
1.40 jmc 985: Read the CRL from
986: .Ar file ,
987: or standard input if not specified.
988: .It Fl inform Cm der | pem
1.64 jmc 989: The input format.
1.1 jsing 990: .It Fl nocrl
991: Normally, a CRL is included in the output file.
992: With this option, no CRL is
993: included in the output file and a CRL is not read from the input file.
994: .It Fl out Ar file
1.40 jmc 995: Write the PKCS#7 structure to
996: .Ar file ,
997: or standard output if not specified.
998: .It Fl outform Cm der | pem
1.64 jmc 999: The output format.
1.1 jsing 1000: .El
1001: .Sh DGST
1.114 jmc 1002: .Bl -hang -width "openssl dgst"
1003: .It Nm openssl dgst
1004: .Bk -words
1.105 inoguchi 1005: .Op Fl cdr
1.1 jsing 1006: .Op Fl binary
1.43 jmc 1007: .Op Fl Ar digest
1.1 jsing 1008: .Op Fl hex
1009: .Op Fl hmac Ar key
1.43 jmc 1010: .Op Fl keyform Cm pem
1.1 jsing 1011: .Op Fl mac Ar algorithm
1012: .Op Fl macopt Ar nm : Ns Ar v
1013: .Op Fl out Ar file
1014: .Op Fl passin Ar arg
1015: .Op Fl prverify Ar file
1016: .Op Fl sign Ar file
1017: .Op Fl signature Ar file
1018: .Op Fl sigopt Ar nm : Ns Ar v
1019: .Op Fl verify Ar file
1020: .Op Ar
1.114 jmc 1021: .Ek
1022: .El
1.1 jsing 1023: .Pp
1024: The digest functions output the message digest of a supplied
1025: .Ar file
1026: or
1027: .Ar files
1028: in hexadecimal form.
1029: They can also be used for digital signing and verification.
1030: .Pp
1031: The options are as follows:
1032: .Bl -tag -width Ds
1033: .It Fl binary
1034: Output the digest or signature in binary form.
1035: .It Fl c
1.48 jmc 1036: Print the digest in two-digit groups separated by colons.
1.1 jsing 1037: .It Fl d
1.48 jmc 1038: Print BIO debugging information.
1.43 jmc 1039: .It Fl Ar digest
1040: Use the specified message
1041: .Ar digest .
1.98 naddy 1042: The default is SHA256.
1.43 jmc 1043: The available digests can be displayed using
1044: .Nm openssl
1045: .Cm list-message-digest-commands .
1046: The following are equivalent:
1047: .Nm openssl dgst
1.98 naddy 1048: .Fl sha256
1.43 jmc 1049: and
1050: .Nm openssl
1.98 naddy 1051: .Cm sha256 .
1.1 jsing 1052: .It Fl hex
1053: Digest is to be output as a hex dump.
1054: This is the default case for a
1055: .Qq normal
1056: digest as opposed to a digital signature.
1057: .It Fl hmac Ar key
1058: Create a hashed MAC using
1059: .Ar key .
1.43 jmc 1060: .It Fl keyform Cm pem
1.1 jsing 1061: Specifies the key format to sign the digest with.
1062: .It Fl mac Ar algorithm
1063: Create a keyed Message Authentication Code (MAC).
1064: The most popular MAC algorithm is HMAC (hash-based MAC),
1065: but there are other MAC algorithms which are not based on hash.
1066: MAC keys and other options should be set via the
1067: .Fl macopt
1068: parameter.
1069: .It Fl macopt Ar nm : Ns Ar v
1070: Passes options to the MAC algorithm, specified by
1071: .Fl mac .
1072: The following options are supported by HMAC:
1073: .Bl -tag -width Ds
1.43 jmc 1074: .It Cm key : Ns Ar string
1.1 jsing 1075: Specifies the MAC key as an alphanumeric string
1076: (use if the key contain printable characters only).
1077: String length must conform to any restrictions of the MAC algorithm.
1.43 jmc 1078: .It Cm hexkey : Ns Ar string
1.1 jsing 1079: Specifies the MAC key in hexadecimal form (two hex digits per byte).
1080: Key length must conform to any restrictions of the MAC algorithm.
1081: .El
1082: .It Fl out Ar file
1.43 jmc 1083: The output file to write to,
1084: or standard output if not specified.
1.1 jsing 1085: .It Fl passin Ar arg
1086: The key password source.
1087: .It Fl prverify Ar file
1088: Verify the signature using the private key in
1089: .Ar file .
1090: The output is either
1091: .Qq Verification OK
1092: or
1093: .Qq Verification Failure .
1.105 inoguchi 1094: .It Fl r
1095: Print the digest in coreutils format.
1.1 jsing 1096: .It Fl sign Ar file
1097: Digitally sign the digest using the private key in
1098: .Ar file .
1099: .It Fl signature Ar file
1100: The actual signature to verify.
1101: .It Fl sigopt Ar nm : Ns Ar v
1102: Pass options to the signature algorithm during sign or verify operations.
1103: The names and values of these options are algorithm-specific.
1104: .It Fl verify Ar file
1105: Verify the signature using the public key in
1106: .Ar file .
1107: The output is either
1108: .Qq Verification OK
1109: or
1110: .Qq Verification Failure .
1111: .It Ar
1112: File or files to digest.
1113: If no files are specified then standard input is used.
1114: .El
1115: .Sh DHPARAM
1.114 jmc 1116: .Bl -hang -width "openssl dhparam"
1117: .It Nm openssl dhparam
1118: .Bk -words
1.1 jsing 1119: .Op Fl 2 | 5
1120: .Op Fl C
1121: .Op Fl check
1122: .Op Fl dsaparam
1123: .Op Fl in Ar file
1.44 jmc 1124: .Op Fl inform Cm der | pem
1.1 jsing 1125: .Op Fl noout
1126: .Op Fl out Ar file
1.44 jmc 1127: .Op Fl outform Cm der | pem
1.1 jsing 1128: .Op Fl text
1129: .Op Ar numbits
1.114 jmc 1130: .Ek
1131: .El
1.1 jsing 1132: .Pp
1133: The
1134: .Nm dhparam
1135: command is used to manipulate DH parameter files.
1.44 jmc 1136: Only the older PKCS#3 DH is supported,
1137: not the newer X9.42 DH.
1.1 jsing 1138: .Pp
1139: The options are as follows:
1140: .Bl -tag -width Ds
1141: .It Fl 2 , 5
1.44 jmc 1142: The generator to use;
1.1 jsing 1143: 2 is the default.
1144: If present, the input file is ignored and parameters are generated instead.
1145: .It Fl C
1.44 jmc 1146: Convert the parameters into C code.
1.1 jsing 1147: The parameters can then be loaded by calling the
1.44 jmc 1148: .No get_dh Ns Ar numbits
1.1 jsing 1149: function.
1150: .It Fl check
1151: Check the DH parameters.
1152: .It Fl dsaparam
1.44 jmc 1153: Read or create DSA parameters,
1154: converted to DH format on output.
1.1 jsing 1155: Otherwise,
1156: .Qq strong
1157: primes
1158: .Pq such that (p-1)/2 is also prime
1159: will be used for DH parameter generation.
1160: .Pp
1161: DH parameter generation with the
1162: .Fl dsaparam
1163: option is much faster,
1164: and the recommended exponent length is shorter,
1165: which makes DH key exchange more efficient.
1166: Beware that with such DSA-style DH parameters,
1167: a fresh DH key should be created for each use to
1168: avoid small-subgroup attacks that may be possible otherwise.
1169: .It Fl in Ar file
1.44 jmc 1170: The input file to read from,
1171: or standard input if not specified.
1172: .It Fl inform Cm der | pem
1173: The input format.
1.1 jsing 1174: .It Fl noout
1.46 jmc 1175: Do not output the encoded version of the parameters.
1.44 jmc 1176: .It Fl out Ar file
1177: The output file to write to,
1178: or standard output if not specified.
1179: .It Fl outform Cm der | pem
1180: The output format.
1181: .It Fl text
1.64 jmc 1182: Print the DH parameters in plain text.
1.1 jsing 1183: .It Ar numbits
1.44 jmc 1184: Generate a parameter set of size
1.1 jsing 1185: .Ar numbits .
1186: It must be the last option.
1.16 sthen 1187: If not present, a value of 2048 is used.
1.1 jsing 1188: If this value is present, the input file is ignored and
1189: parameters are generated instead.
1190: .El
1191: .Sh DSA
1.114 jmc 1192: .Bl -hang -width "openssl dsa"
1193: .It Nm openssl dsa
1194: .Bk -words
1.1 jsing 1195: .Oo
1196: .Fl aes128 | aes192 | aes256 |
1197: .Fl des | des3
1198: .Oc
1199: .Op Fl in Ar file
1.108 inoguchi 1200: .Op Fl inform Cm der | pem | pvk
1.1 jsing 1201: .Op Fl modulus
1202: .Op Fl noout
1203: .Op Fl out Ar file
1.108 inoguchi 1204: .Op Fl outform Cm der | pem | pvk
1.1 jsing 1205: .Op Fl passin Ar arg
1206: .Op Fl passout Ar arg
1207: .Op Fl pubin
1208: .Op Fl pubout
1.108 inoguchi 1209: .Op Fl pvk-none | pvk-strong | pvk-weak
1.1 jsing 1210: .Op Fl text
1.114 jmc 1211: .Ek
1212: .El
1.1 jsing 1213: .Pp
1214: The
1215: .Nm dsa
1216: command processes DSA keys.
1217: They can be converted between various forms and their components printed out.
1218: .Pp
1219: .Sy Note :
1220: This command uses the traditional
1221: .Nm SSLeay
1222: compatible format for private key encryption:
1223: newer applications should use the more secure PKCS#8 format using the
1224: .Nm pkcs8
1225: command.
1226: .Pp
1227: The options are as follows:
1228: .Bl -tag -width Ds
1229: .It Xo
1230: .Fl aes128 | aes192 | aes256 |
1231: .Fl des | des3
1232: .Xc
1.45 jmc 1233: Encrypt the private key with the AES, DES, or the triple DES
1.1 jsing 1234: ciphers, respectively, before outputting it.
1235: A pass phrase is prompted for.
1.45 jmc 1236: If none of these options are specified, the key is written in plain text.
1.1 jsing 1237: This means that using the
1238: .Nm dsa
1.45 jmc 1239: utility to read an encrypted key with no encryption option can be used to
1.1 jsing 1240: remove the pass phrase from a key,
1.45 jmc 1241: or by setting the encryption options it can be used to add or change
1.1 jsing 1242: the pass phrase.
1243: These options can only be used with PEM format output files.
1244: .It Fl in Ar file
1.45 jmc 1245: The input file to read from,
1246: or standard input if not specified.
1.1 jsing 1247: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 1248: .It Fl inform Cm der | pem | pvk
1.45 jmc 1249: The input format.
1.1 jsing 1250: .It Fl modulus
1.45 jmc 1251: Print the value of the public key component of the key.
1.1 jsing 1252: .It Fl noout
1.46 jmc 1253: Do not output the encoded version of the key.
1.1 jsing 1254: .It Fl out Ar file
1.45 jmc 1255: The output file to write to,
1256: or standard output if not specified.
1.1 jsing 1257: If any encryption options are set then a pass phrase will be
1258: prompted for.
1.108 inoguchi 1259: .It Fl outform Cm der | pem | pvk
1.45 jmc 1260: The output format.
1.1 jsing 1261: .It Fl passin Ar arg
1262: The key password source.
1263: .It Fl passout Ar arg
1264: The output file password source.
1265: .It Fl pubin
1.60 jmc 1266: Read in a public key, not a private key.
1.1 jsing 1267: .It Fl pubout
1.60 jmc 1268: Output a public key, not a private key.
1269: Automatically set if the input is a public key.
1.108 inoguchi 1270: .It Xo
1271: .Fl pvk-none | pvk-strong | pvk-weak
1272: .Xc
1273: Enable or disable PVK encoding.
1274: The default is
1275: .Fl pvk-strong .
1.1 jsing 1276: .It Fl text
1.64 jmc 1277: Print the public/private key in plain text.
1.1 jsing 1278: .El
1279: .Sh DSAPARAM
1.114 jmc 1280: .Bl -hang -width "openssl dsaparam"
1281: .It Nm openssl dsaparam
1282: .Bk -words
1.1 jsing 1283: .Op Fl C
1284: .Op Fl genkey
1285: .Op Fl in Ar file
1.46 jmc 1286: .Op Fl inform Cm der | pem
1.1 jsing 1287: .Op Fl noout
1288: .Op Fl out Ar file
1.46 jmc 1289: .Op Fl outform Cm der | pem
1.1 jsing 1290: .Op Fl text
1291: .Op Ar numbits
1.114 jmc 1292: .Ek
1293: .El
1.1 jsing 1294: .Pp
1295: The
1296: .Nm dsaparam
1297: command is used to manipulate or generate DSA parameter files.
1298: .Pp
1299: The options are as follows:
1300: .Bl -tag -width Ds
1301: .It Fl C
1.46 jmc 1302: Convert the parameters into C code.
1.1 jsing 1303: The parameters can then be loaded by calling the
1.46 jmc 1304: .No get_dsa Ns Ar XXX
1.1 jsing 1305: function.
1306: .It Fl genkey
1.46 jmc 1307: Generate a DSA key either using the specified or generated
1.1 jsing 1308: parameters.
1309: .It Fl in Ar file
1.46 jmc 1310: The input file to read from,
1311: or standard input if not specified.
1.1 jsing 1312: If the
1313: .Ar numbits
1.46 jmc 1314: parameter is included, then this option is ignored.
1315: .It Fl inform Cm der | pem
1316: The input format.
1.1 jsing 1317: .It Fl noout
1.46 jmc 1318: Do not output the encoded version of the parameters.
1319: .It Fl out Ar file
1320: The output file to write to,
1321: or standard output if not specified.
1322: .It Fl outform Cm der | pem
1323: The output format.
1324: .It Fl text
1.64 jmc 1325: Print the DSA parameters in plain text.
1.1 jsing 1326: .It Ar numbits
1.46 jmc 1327: Generate a parameter set of size
1.1 jsing 1328: .Ar numbits .
1.46 jmc 1329: If this option is included, the input file is ignored.
1.1 jsing 1330: .El
1331: .Sh EC
1.114 jmc 1332: .Bl -hang -width "openssl ec"
1333: .It Nm openssl ec
1334: .Bk -words
1.1 jsing 1335: .Op Fl conv_form Ar arg
1336: .Op Fl des
1337: .Op Fl des3
1338: .Op Fl in Ar file
1.47 jmc 1339: .Op Fl inform Cm der | pem
1.1 jsing 1340: .Op Fl noout
1341: .Op Fl out Ar file
1.47 jmc 1342: .Op Fl outform Cm der | pem
1.1 jsing 1343: .Op Fl param_enc Ar arg
1344: .Op Fl param_out
1345: .Op Fl passin Ar arg
1346: .Op Fl passout Ar arg
1347: .Op Fl pubin
1348: .Op Fl pubout
1349: .Op Fl text
1.114 jmc 1350: .Ek
1351: .El
1.1 jsing 1352: .Pp
1353: The
1354: .Nm ec
1355: command processes EC keys.
1356: They can be converted between various
1357: forms and their components printed out.
1.47 jmc 1358: .Nm openssl
1.1 jsing 1359: uses the private key format specified in
1360: .Dq SEC 1: Elliptic Curve Cryptography
1361: .Pq Lk http://www.secg.org/ .
1362: To convert an
1363: EC private key into the PKCS#8 private key format use the
1364: .Nm pkcs8
1365: command.
1366: .Pp
1367: The options are as follows:
1368: .Bl -tag -width Ds
1369: .It Fl conv_form Ar arg
1.47 jmc 1370: Specify how the points on the elliptic curve are converted
1.1 jsing 1371: into octet strings.
1372: Possible values are:
1.95 tb 1373: .Cm compressed ,
1374: .Cm uncompressed
1.47 jmc 1375: (the default),
1.1 jsing 1376: and
1377: .Cm hybrid .
1378: For more information regarding
1.47 jmc 1379: the point conversion forms see the X9.62 standard.
1.1 jsing 1380: Note:
1381: Due to patent issues the
1382: .Cm compressed
1383: option is disabled by default for binary curves
1384: and can be enabled by defining the preprocessor macro
1.47 jmc 1385: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1386: at compile time.
1387: .It Fl des | des3
1.47 jmc 1388: Encrypt the private key with DES, triple DES, or
1.1 jsing 1389: any other cipher supported by
1.47 jmc 1390: .Nm openssl .
1.1 jsing 1391: A pass phrase is prompted for.
1392: If none of these options is specified the key is written in plain text.
1393: This means that using the
1394: .Nm ec
1395: utility to read in an encrypted key with no
1396: encryption option can be used to remove the pass phrase from a key,
1397: or by setting the encryption options
1.83 naddy 1398: it can be used to add or change the pass phrase.
1.1 jsing 1399: These options can only be used with PEM format output files.
1400: .It Fl in Ar file
1.47 jmc 1401: The input file to read a key from,
1402: or standard input if not specified.
1.1 jsing 1403: If the key is encrypted a pass phrase will be prompted for.
1.47 jmc 1404: .It Fl inform Cm der | pem
1405: The input format.
1.1 jsing 1406: .It Fl noout
1.47 jmc 1407: Do not output the encoded version of the key.
1.1 jsing 1408: .It Fl out Ar file
1.47 jmc 1409: The output filename to write to,
1410: or standard output if not specified.
1.1 jsing 1411: If any encryption options are set then a pass phrase will be prompted for.
1.47 jmc 1412: .It Fl outform Cm der | pem
1413: The output format.
1.1 jsing 1414: .It Fl param_enc Ar arg
1.47 jmc 1415: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1416: Possible value are:
1417: .Cm named_curve ,
1418: i.e. the EC parameters are specified by an OID; or
1419: .Cm explicit ,
1420: where the EC parameters are explicitly given
1421: (see RFC 3279 for the definition of the EC parameter structures).
1422: The default value is
1423: .Cm named_curve .
1424: Note: the
1425: .Cm implicitlyCA
1426: alternative,
1427: as specified in RFC 3279,
1.47 jmc 1428: is currently not implemented.
1.106 inoguchi 1429: .It Fl param_out
1430: Print the elliptic curve parameters.
1.1 jsing 1431: .It Fl passin Ar arg
1432: The key password source.
1433: .It Fl passout Ar arg
1434: The output file password source.
1435: .It Fl pubin
1.60 jmc 1436: Read in a public key, not a private key.
1.1 jsing 1437: .It Fl pubout
1.60 jmc 1438: Output a public key, not a private key.
1439: Automatically set if the input is a public key.
1.1 jsing 1440: .It Fl text
1.64 jmc 1441: Print the public/private key in plain text.
1.1 jsing 1442: .El
1443: .Sh ECPARAM
1.114 jmc 1444: .Bl -hang -width "openssl ecparam"
1445: .It Nm openssl ecparam
1446: .Bk -words
1.1 jsing 1447: .Op Fl C
1448: .Op Fl check
1449: .Op Fl conv_form Ar arg
1450: .Op Fl genkey
1451: .Op Fl in Ar file
1.48 jmc 1452: .Op Fl inform Cm der | pem
1.1 jsing 1453: .Op Fl list_curves
1454: .Op Fl name Ar arg
1455: .Op Fl no_seed
1456: .Op Fl noout
1457: .Op Fl out Ar file
1.48 jmc 1458: .Op Fl outform Cm der | pem
1.1 jsing 1459: .Op Fl param_enc Ar arg
1460: .Op Fl text
1.114 jmc 1461: .Ek
1462: .El
1.1 jsing 1463: .Pp
1.48 jmc 1464: The
1465: .Nm ecparam
1466: command is used to manipulate or generate EC parameter files.
1467: .Nm openssl
1468: is not able to generate new groups so
1469: .Nm ecparam
1470: can only create EC parameters from known (named) curves.
1471: .Pp
1.1 jsing 1472: The options are as follows:
1473: .Bl -tag -width Ds
1474: .It Fl C
1475: Convert the EC parameters into C code.
1476: The parameters can then be loaded by calling the
1.48 jmc 1477: .No get_ec_group_ Ns Ar XXX
1.1 jsing 1478: function.
1479: .It Fl check
1480: Validate the elliptic curve parameters.
1481: .It Fl conv_form Ar arg
1482: Specify how the points on the elliptic curve are converted
1483: into octet strings.
1484: Possible values are:
1.95 tb 1485: .Cm compressed ,
1486: .Cm uncompressed
1.48 jmc 1487: (the default),
1.1 jsing 1488: and
1489: .Cm hybrid .
1490: For more information regarding
1.48 jmc 1491: the point conversion forms see the X9.62 standard.
1.1 jsing 1492: Note:
1493: Due to patent issues the
1494: .Cm compressed
1495: option is disabled by default for binary curves
1496: and can be enabled by defining the preprocessor macro
1.48 jmc 1497: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1498: at compile time.
1499: .It Fl genkey
1500: Generate an EC private key using the specified parameters.
1501: .It Fl in Ar file
1.48 jmc 1502: The input file to read from,
1503: or standard input if not specified.
1504: .It Fl inform Cm der | pem
1505: The input format.
1.1 jsing 1506: .It Fl list_curves
1.48 jmc 1507: Print a list of all
1.1 jsing 1508: currently implemented EC parameter names and exit.
1509: .It Fl name Ar arg
1.48 jmc 1510: Use the EC parameters with the specified "short" name.
1.1 jsing 1511: .It Fl no_seed
1.48 jmc 1512: Do not include the seed for the parameter generation
1513: in the ECParameters structure (see RFC 3279).
1.1 jsing 1514: .It Fl noout
1.48 jmc 1515: Do not output the encoded version of the parameters.
1.1 jsing 1516: .It Fl out Ar file
1.48 jmc 1517: The output file to write to,
1518: or standard output if not specified.
1519: .It Fl outform Cm der | pem
1520: The output format.
1.1 jsing 1521: .It Fl param_enc Ar arg
1.48 jmc 1522: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1523: Possible value are:
1524: .Cm named_curve ,
1525: i.e. the EC parameters are specified by an OID, or
1526: .Cm explicit ,
1527: where the EC parameters are explicitly given
1528: (see RFC 3279 for the definition of the EC parameter structures).
1529: The default value is
1530: .Cm named_curve .
1531: Note: the
1532: .Cm implicitlyCA
1533: alternative, as specified in RFC 3279,
1.48 jmc 1534: is currently not implemented.
1.1 jsing 1535: .It Fl text
1.64 jmc 1536: Print the EC parameters in plain text.
1.1 jsing 1537: .El
1538: .Sh ENC
1.114 jmc 1539: .Bl -hang -width "openssl enc"
1540: .It Nm openssl enc
1541: .Bk -words
1.1 jsing 1542: .Fl ciphername
1.106 inoguchi 1543: .Op Fl AadePpv
1.1 jsing 1544: .Op Fl base64
1545: .Op Fl bufsize Ar number
1546: .Op Fl debug
1547: .Op Fl in Ar file
1.97 jmc 1548: .Op Fl iter Ar iterations
1.1 jsing 1549: .Op Fl iv Ar IV
1550: .Op Fl K Ar key
1551: .Op Fl k Ar password
1552: .Op Fl kfile Ar file
1553: .Op Fl md Ar digest
1554: .Op Fl none
1555: .Op Fl nopad
1556: .Op Fl nosalt
1557: .Op Fl out Ar file
1558: .Op Fl pass Ar arg
1.96 beck 1559: .Op Fl pbkdf2
1.1 jsing 1560: .Op Fl S Ar salt
1561: .Op Fl salt
1.114 jmc 1562: .Ek
1563: .El
1.1 jsing 1564: .Pp
1565: The symmetric cipher commands allow data to be encrypted or decrypted
1566: using various block and stream ciphers using keys based on passwords
1567: or explicitly provided.
1568: Base64 encoding or decoding can also be performed either by itself
1569: or in addition to the encryption or decryption.
1.49 jmc 1570: The program can be called either as
1571: .Nm openssl Ar ciphername
1572: or
1573: .Nm openssl enc - Ns Ar ciphername .
1574: .Pp
1575: Some of the ciphers do not have large keys and others have security
1576: implications if not used correctly.
1577: All the block ciphers normally use PKCS#5 padding,
1578: also known as standard block padding.
1579: If padding is disabled, the input data must be a multiple of the cipher
1580: block length.
1.1 jsing 1581: .Pp
1582: The options are as follows:
1583: .Bl -tag -width Ds
1584: .It Fl A
1585: If the
1586: .Fl a
1587: option is set, then base64 process the data on one line.
1588: .It Fl a , base64
1589: Base64 process the data.
1590: This means that if encryption is taking place, the data is base64-encoded
1591: after encryption.
1.49 jmc 1592: If decryption is set, the input data is base64-decoded before
1.1 jsing 1593: being decrypted.
1594: .It Fl bufsize Ar number
1595: Set the buffer size for I/O.
1596: .It Fl d
1597: Decrypt the input data.
1598: .It Fl debug
1599: Debug the BIOs used for I/O.
1600: .It Fl e
1.49 jmc 1601: Encrypt the input data.
1602: This is the default.
1.1 jsing 1603: .It Fl in Ar file
1.49 jmc 1604: The input file to read from,
1.57 jmc 1605: or standard input if not specified.
1.97 jmc 1606: .It Fl iter Ar iterations
1607: Use the pbkdf2 key derivation function, with
1608: .Ar iterations
1609: as the number of iterations.
1.1 jsing 1610: .It Fl iv Ar IV
1611: The actual
1612: .Ar IV
1613: .Pq initialisation vector
1614: to use:
1615: this must be represented as a string comprised only of hex digits.
1616: When only the
1617: .Ar key
1618: is specified using the
1619: .Fl K
1.49 jmc 1620: option,
1621: the IV must explicitly be defined.
1.1 jsing 1622: When a password is being specified using one of the other options,
1.49 jmc 1623: the IV is generated from this password.
1.1 jsing 1624: .It Fl K Ar key
1625: The actual
1626: .Ar key
1627: to use:
1628: this must be represented as a string comprised only of hex digits.
1.49 jmc 1629: If only the key is specified,
1630: the IV must also be specified using the
1.1 jsing 1631: .Fl iv
1632: option.
1633: When both a
1634: .Ar key
1635: and a
1636: .Ar password
1637: are specified, the
1638: .Ar key
1639: given with the
1640: .Fl K
1.49 jmc 1641: option will be used and the IV generated from the password will be taken.
1.1 jsing 1642: It probably does not make much sense to specify both
1643: .Ar key
1644: and
1645: .Ar password .
1646: .It Fl k Ar password
1647: The
1648: .Ar password
1649: to derive the key from.
1650: Superseded by the
1651: .Fl pass
1652: option.
1653: .It Fl kfile Ar file
1654: Read the password to derive the key from the first line of
1655: .Ar file .
1656: Superseded by the
1657: .Fl pass
1658: option.
1659: .It Fl md Ar digest
1660: Use
1661: .Ar digest
1662: to create a key from a pass phrase.
1663: .Ar digest
1664: may be one of
1.49 jmc 1665: .Cm md5
1.1 jsing 1666: or
1.49 jmc 1667: .Cm sha1 .
1.1 jsing 1668: .It Fl none
1669: Use NULL cipher (no encryption or decryption of input).
1670: .It Fl nopad
1671: Disable standard block padding.
1672: .It Fl nosalt
1.49 jmc 1673: Don't use a salt in the key derivation routines.
1.81 jmc 1674: This option should never be used
1.49 jmc 1675: since it makes it possible to perform efficient dictionary
1676: attacks on the password and to attack stream cipher encrypted data.
1.1 jsing 1677: .It Fl out Ar file
1.51 jmc 1678: The output file to write to,
1.57 jmc 1679: or standard output if not specified.
1.1 jsing 1680: .It Fl P
1.49 jmc 1681: Print out the salt, key, and IV used, then immediately exit;
1.1 jsing 1682: don't do any encryption or decryption.
1683: .It Fl p
1.49 jmc 1684: Print out the salt, key, and IV used.
1.1 jsing 1685: .It Fl pass Ar arg
1686: The password source.
1.96 beck 1687: .It Fl pbkdf2
1.97 jmc 1688: Use the pbkdf2 key derivation function, with
1.96 beck 1689: the default of 10000 iterations.
1.1 jsing 1690: .It Fl S Ar salt
1691: The actual
1692: .Ar salt
1693: to use:
1694: this must be represented as a string comprised only of hex digits.
1695: .It Fl salt
1.49 jmc 1696: Use a salt in the key derivation routines (the default).
1697: When the salt is being used
1698: the first eight bytes of the encrypted data are reserved for the salt:
1699: it is randomly generated when encrypting a file and read from the
1700: encrypted file when it is decrypted.
1.106 inoguchi 1701: .It Fl v
1702: Print extra details about the processing.
1.1 jsing 1703: .El
1704: .Sh ERRSTR
1705: .Nm openssl errstr
1706: .Op Fl stats
1707: .Ar errno ...
1708: .Pp
1709: The
1710: .Nm errstr
1711: command performs error number to error string conversion,
1712: generating a human-readable string representing the error code
1713: .Ar errno .
1714: The string is obtained through the
1715: .Xr ERR_error_string_n 3
1716: function and has the following format:
1717: .Pp
1718: .Dl error:[error code]:[library name]:[function name]:[reason string]
1719: .Pp
1720: .Bq error code
1721: is an 8-digit hexadecimal number.
1722: The remaining fields
1723: .Bq library name ,
1724: .Bq function name ,
1725: and
1726: .Bq reason string
1727: are all ASCII text.
1728: .Pp
1729: The options are as follows:
1730: .Bl -tag -width Ds
1731: .It Fl stats
1732: Print debugging statistics about various aspects of the hash table.
1733: .El
1734: .Sh GENDSA
1.114 jmc 1735: .Bl -hang -width "openssl gendsa"
1736: .It Nm openssl gendsa
1737: .Bk -words
1.1 jsing 1738: .Oo
1.102 jmc 1739: .Fl aes128 | aes192 | aes256 | camellia128 |
1740: .Fl camellia192 | camellia256 | des | des3 | idea
1.1 jsing 1741: .Oc
1742: .Op Fl out Ar file
1.101 inoguchi 1743: .Op Fl passout Ar arg
1744: .Ar paramfile
1.114 jmc 1745: .Ek
1746: .El
1.1 jsing 1747: .Pp
1748: The
1749: .Nm gendsa
1750: command generates a DSA private key from a DSA parameter file
1.51 jmc 1751: (typically generated by the
1.1 jsing 1752: .Nm openssl dsaparam
1753: command).
1.51 jmc 1754: DSA key generation is little more than random number generation so it is
1755: much quicker than,
1756: for example,
1757: RSA key generation.
1.1 jsing 1758: .Pp
1759: The options are as follows:
1760: .Bl -tag -width Ds
1761: .It Xo
1762: .Fl aes128 | aes192 | aes256 |
1.101 inoguchi 1763: .Fl camellia128 | camellia192 | camellia256 |
1764: .Fl des | des3 |
1765: .Fl idea
1.1 jsing 1766: .Xc
1.101 inoguchi 1767: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
1768: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 1769: A pass phrase is prompted for.
1770: If none of these options are specified, no encryption is used.
1771: .It Fl out Ar file
1.51 jmc 1772: The output file to write to,
1.57 jmc 1773: or standard output if not specified.
1.101 inoguchi 1774: .It Fl passout Ar arg
1775: The output file password source.
1.1 jsing 1776: .It Ar paramfile
1.51 jmc 1777: Specify the DSA parameter file to use.
1.1 jsing 1778: The parameters in this file determine the size of the private key.
1779: .El
1780: .Sh GENPKEY
1.114 jmc 1781: .Bl -hang -width "openssl genpkey"
1782: .It Nm openssl genpkey
1783: .Bk -words
1.1 jsing 1784: .Op Fl algorithm Ar alg
1785: .Op Ar cipher
1786: .Op Fl genparam
1787: .Op Fl out Ar file
1.52 jmc 1788: .Op Fl outform Cm der | pem
1.1 jsing 1789: .Op Fl paramfile Ar file
1790: .Op Fl pass Ar arg
1791: .Op Fl pkeyopt Ar opt : Ns Ar value
1792: .Op Fl text
1.114 jmc 1793: .Ek
1794: .El
1.1 jsing 1795: .Pp
1796: The
1797: .Nm genpkey
1798: command generates private keys.
1799: The use of this
1800: program is encouraged over the algorithm specific utilities
1.22 bcook 1801: because additional algorithm options can be used.
1.1 jsing 1802: .Pp
1803: The options are as follows:
1804: .Bl -tag -width Ds
1805: .It Fl algorithm Ar alg
1806: The public key algorithm to use,
1807: such as RSA, DSA, or DH.
1.52 jmc 1808: This option must precede any
1.1 jsing 1809: .Fl pkeyopt
1810: options.
1811: The options
1812: .Fl paramfile
1813: and
1814: .Fl algorithm
1815: are mutually exclusive.
1816: .It Ar cipher
1817: Encrypt the private key with the supplied cipher.
1818: Any algorithm name accepted by
1.52 jmc 1819: .Xr EVP_get_cipherbyname 3
1820: is acceptable.
1.1 jsing 1821: .It Fl genparam
1822: Generate a set of parameters instead of a private key.
1.52 jmc 1823: This option must precede any
1.1 jsing 1824: .Fl algorithm ,
1825: .Fl paramfile ,
1826: or
1827: .Fl pkeyopt
1828: options.
1829: .It Fl out Ar file
1.52 jmc 1830: The output file to write to,
1.57 jmc 1831: or standard output if not specified.
1.52 jmc 1832: .It Fl outform Cm der | pem
1833: The output format.
1.1 jsing 1834: .It Fl paramfile Ar file
1.52 jmc 1835: Some public key algorithms generate a private key based on a set of parameters,
1836: which can be supplied using this option.
1.1 jsing 1837: If this option is used the public key
1838: algorithm used is determined by the parameters.
1.52 jmc 1839: This option must precede any
1.1 jsing 1840: .Fl pkeyopt
1841: options.
1842: The options
1843: .Fl paramfile
1844: and
1845: .Fl algorithm
1846: are mutually exclusive.
1847: .It Fl pass Ar arg
1848: The output file password source.
1849: .It Fl pkeyopt Ar opt : Ns Ar value
1850: Set the public key algorithm option
1851: .Ar opt
1852: to
1.52 jmc 1853: .Ar value ,
1854: as follows:
1.1 jsing 1855: .Bl -tag -width Ds -offset indent
1856: .It rsa_keygen_bits : Ns Ar numbits
1857: (RSA)
1858: The number of bits in the generated key.
1.52 jmc 1859: The default is 2048.
1.1 jsing 1860: .It rsa_keygen_pubexp : Ns Ar value
1861: (RSA)
1862: The RSA public exponent value.
1863: This can be a large decimal or hexadecimal value if preceded by 0x.
1.52 jmc 1864: The default is 65537.
1.1 jsing 1865: .It dsa_paramgen_bits : Ns Ar numbits
1866: (DSA)
1867: The number of bits in the generated parameters.
1.52 jmc 1868: The default is 1024.
1.1 jsing 1869: .It dh_paramgen_prime_len : Ns Ar numbits
1870: (DH)
1871: The number of bits in the prime parameter
1872: .Ar p .
1873: .It dh_paramgen_generator : Ns Ar value
1874: (DH)
1875: The value to use for the generator
1876: .Ar g .
1877: .It ec_paramgen_curve : Ns Ar curve
1878: (EC)
1879: The EC curve to use.
1880: .El
1.52 jmc 1881: .It Fl text
1.64 jmc 1882: Print the private/public key in plain text.
1.52 jmc 1883: .El
1.1 jsing 1884: .Sh GENRSA
1.114 jmc 1885: .Bl -hang -width "openssl genrsa"
1886: .It Nm openssl genrsa
1887: .Bk -words
1.1 jsing 1888: .Op Fl 3 | f4
1.109 inoguchi 1889: .Oo
1890: .Fl aes128 | aes192 | aes256 | camellia128 |
1891: .Fl camellia192 | camellia256 | des | des3 | idea
1892: .Oc
1.1 jsing 1893: .Op Fl out Ar file
1894: .Op Fl passout Ar arg
1895: .Op Ar numbits
1.114 jmc 1896: .Ek
1897: .El
1.1 jsing 1898: .Pp
1899: The
1900: .Nm genrsa
1.53 jmc 1901: command generates an RSA private key,
1902: which essentially involves the generation of two prime numbers.
1903: When generating the key,
1904: various symbols will be output to indicate the progress of the generation.
1905: A
1906: .Sq \&.
1907: represents each number which has passed an initial sieve test;
1908: .Sq +
1909: means a number has passed a single round of the Miller-Rabin primality test.
1910: A newline means that the number has passed all the prime tests
1911: (the actual number depends on the key size).
1.1 jsing 1912: .Pp
1913: The options are as follows:
1914: .Bl -tag -width Ds
1915: .It Fl 3 | f4
1916: The public exponent to use, either 3 or 65537.
1917: The default is 65537.
1.109 inoguchi 1918: .It Xo
1919: .Fl aes128 | aes192 | aes256 |
1920: .Fl camellia128 | camellia192 | camellia256 |
1921: .Fl des | des3 |
1922: .Fl idea
1923: .Xc
1924: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
1925: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 1926: If none of these options are specified, no encryption is used.
1927: If encryption is used, a pass phrase is prompted for,
1928: if it is not supplied via the
1929: .Fl passout
1930: option.
1931: .It Fl out Ar file
1.53 jmc 1932: The output file to write to,
1.57 jmc 1933: or standard output if not specified.
1.1 jsing 1934: .It Fl passout Ar arg
1935: The output file password source.
1936: .It Ar numbits
1937: The size of the private key to generate in bits.
1938: This must be the last option specified.
1939: The default is 2048.
1940: .El
1941: .Sh NSEQ
1942: .Nm openssl nseq
1943: .Op Fl in Ar file
1944: .Op Fl out Ar file
1945: .Op Fl toseq
1946: .Pp
1947: The
1948: .Nm nseq
1.54 jmc 1949: command takes a file containing a Netscape certificate sequence
1950: (an alternative to the standard PKCS#7 format)
1951: and prints out the certificates contained in it,
1952: or takes a file of certificates
1953: and converts it into a Netscape certificate sequence.
1954: .Pp
1.1 jsing 1955: The options are as follows:
1956: .Bl -tag -width Ds
1957: .It Fl in Ar file
1.54 jmc 1958: The input file to read from,
1959: or standard input if not specified.
1.1 jsing 1960: .It Fl out Ar file
1.54 jmc 1961: The output file to write to,
1962: or standard output if not specified.
1.1 jsing 1963: .It Fl toseq
1964: Normally, a Netscape certificate sequence will be input and the output
1965: is the certificates contained in it.
1966: With the
1967: .Fl toseq
1968: option the situation is reversed:
1969: a Netscape certificate sequence is created from a file of certificates.
1970: .El
1971: .Sh OCSP
1.114 jmc 1972: .Bl -hang -width "openssl ocsp"
1973: .It Nm openssl ocsp
1974: .Bk -words
1.1 jsing 1975: .Op Fl CA Ar file
1976: .Op Fl CAfile Ar file
1977: .Op Fl CApath Ar directory
1978: .Op Fl cert Ar file
1979: .Op Fl dgst Ar alg
1.108 inoguchi 1980: .Op Fl header Ar name value
1.55 jmc 1981: .Op Fl host Ar hostname : Ns Ar port
1.108 inoguchi 1982: .Op Fl ignore_err
1.1 jsing 1983: .Op Fl index Ar indexfile
1984: .Op Fl issuer Ar file
1985: .Op Fl ndays Ar days
1986: .Op Fl nmin Ar minutes
1987: .Op Fl no_cert_checks
1988: .Op Fl no_cert_verify
1989: .Op Fl no_certs
1990: .Op Fl no_chain
1.108 inoguchi 1991: .Op Fl no_explicit
1.1 jsing 1992: .Op Fl no_intern
1993: .Op Fl no_nonce
1994: .Op Fl no_signature_verify
1995: .Op Fl nonce
1996: .Op Fl noverify
1997: .Op Fl nrequest Ar number
1998: .Op Fl out Ar file
1999: .Op Fl path Ar path
2000: .Op Fl port Ar portnum
2001: .Op Fl req_text
2002: .Op Fl reqin Ar file
2003: .Op Fl reqout Ar file
2004: .Op Fl resp_key_id
2005: .Op Fl resp_no_certs
2006: .Op Fl resp_text
2007: .Op Fl respin Ar file
2008: .Op Fl respout Ar file
2009: .Op Fl rkey Ar file
2010: .Op Fl rother Ar file
2011: .Op Fl rsigner Ar file
1.108 inoguchi 2012: .Op Fl serial Ar num
1.1 jsing 2013: .Op Fl sign_other Ar file
2014: .Op Fl signer Ar file
2015: .Op Fl signkey Ar file
2016: .Op Fl status_age Ar age
2017: .Op Fl text
1.108 inoguchi 2018: .Op Fl timeout Ar seconds
1.1 jsing 2019: .Op Fl trust_other
2020: .Op Fl url Ar responder_url
2021: .Op Fl VAfile Ar file
2022: .Op Fl validity_period Ar nsec
2023: .Op Fl verify_other Ar file
1.114 jmc 2024: .Ek
2025: .El
1.1 jsing 2026: .Pp
1.55 jmc 2027: The Online Certificate Status Protocol (OCSP)
2028: enables applications to determine the (revocation) state
2029: of an identified certificate (RFC 2560).
1.1 jsing 2030: .Pp
2031: The
2032: .Nm ocsp
2033: command performs many common OCSP tasks.
2034: It can be used to print out requests and responses,
2035: create requests and send queries to an OCSP responder,
2036: and behave like a mini OCSP server itself.
2037: .Pp
2038: The options are as follows:
2039: .Bl -tag -width Ds
2040: .It Fl CAfile Ar file , Fl CApath Ar directory
1.55 jmc 2041: A file or path containing trusted CA certificates,
2042: used to verify the signature on the OCSP response.
1.1 jsing 2043: .It Fl cert Ar file
2044: Add the certificate
2045: .Ar file
2046: to the request.
2047: The issuer certificate is taken from the previous
2048: .Fl issuer
2049: option, or an error occurs if no issuer certificate is specified.
2050: .It Fl dgst Ar alg
1.55 jmc 2051: Use the digest algorithm
2052: .Ar alg
2053: for certificate identification in the OCSP request.
1.1 jsing 2054: By default SHA-1 is used.
2055: .It Xo
2056: .Fl host Ar hostname : Ns Ar port ,
2057: .Fl path Ar path
2058: .Xc
1.55 jmc 2059: Send
2060: the OCSP request to
1.1 jsing 2061: .Ar hostname
1.55 jmc 2062: on
1.1 jsing 2063: .Ar port .
2064: .Fl path
2065: specifies the HTTP path name to use, or
1.55 jmc 2066: .Pa /
1.1 jsing 2067: by default.
1.108 inoguchi 2068: .It Fl header Ar name value
2069: Add the header name with the specified value to the OCSP request that is sent
2070: to the responder.
2071: This may be repeated.
1.1 jsing 2072: .It Fl issuer Ar file
1.81 jmc 2073: The current issuer certificate, in PEM format.
2074: Can be used multiple times and must come before any
1.1 jsing 2075: .Fl cert
2076: options.
2077: .It Fl no_cert_checks
2078: Don't perform any additional checks on the OCSP response signer's certificate.
2079: That is, do not make any checks to see if the signer's certificate is
2080: authorised to provide the necessary status information:
2081: as a result this option should only be used for testing purposes.
2082: .It Fl no_cert_verify
2083: Don't verify the OCSP response signer's certificate at all.
2084: Since this option allows the OCSP response to be signed by any certificate,
2085: it should only be used for testing purposes.
2086: .It Fl no_certs
1.55 jmc 2087: Don't include any certificates in the signed request.
1.1 jsing 2088: .It Fl no_chain
2089: Do not use certificates in the response as additional untrusted CA
2090: certificates.
1.108 inoguchi 2091: .It Fl no_explicit
2092: Don't check the explicit trust for OCSP signing in the root CA certificate.
1.1 jsing 2093: .It Fl no_intern
2094: Ignore certificates contained in the OCSP response
2095: when searching for the signer's certificate.
1.55 jmc 2096: The signer's certificate must be specified with either the
1.1 jsing 2097: .Fl verify_other
2098: or
2099: .Fl VAfile
2100: options.
2101: .It Fl no_signature_verify
2102: Don't check the signature on the OCSP response.
2103: Since this option tolerates invalid signatures on OCSP responses,
2104: it will normally only be used for testing purposes.
2105: .It Fl nonce , no_nonce
1.55 jmc 2106: Add an OCSP nonce extension to a request,
2107: or disable an OCSP nonce addition.
1.1 jsing 2108: Normally, if an OCSP request is input using the
2109: .Fl respin
1.55 jmc 2110: option no nonce is added:
1.1 jsing 2111: using the
2112: .Fl nonce
1.55 jmc 2113: option will force the addition of a nonce.
1.1 jsing 2114: If an OCSP request is being created (using the
2115: .Fl cert
2116: and
2117: .Fl serial
2118: options)
1.55 jmc 2119: a nonce is automatically added; specifying
1.1 jsing 2120: .Fl no_nonce
2121: overrides this.
2122: .It Fl noverify
1.55 jmc 2123: Don't attempt to verify the OCSP response signature or the nonce values.
2124: This is normally only be used for debugging
1.1 jsing 2125: since it disables all verification of the responder's certificate.
2126: .It Fl out Ar file
1.55 jmc 2127: Specify the output file to write to,
1.57 jmc 2128: or standard output if not specified.
1.1 jsing 2129: .It Fl req_text , resp_text , text
2130: Print out the text form of the OCSP request, response, or both, respectively.
2131: .It Fl reqin Ar file , Fl respin Ar file
2132: Read an OCSP request or response file from
2133: .Ar file .
2134: These options are ignored
2135: if an OCSP request or response creation is implied by other options
2136: (for example with the
2137: .Fl serial , cert ,
2138: and
2139: .Fl host
2140: options).
2141: .It Fl reqout Ar file , Fl respout Ar file
2142: Write out the DER-encoded certificate request or response to
2143: .Ar file .
2144: .It Fl serial Ar num
2145: Same as the
2146: .Fl cert
2147: option except the certificate with serial number
2148: .Ar num
2149: is added to the request.
2150: The serial number is interpreted as a decimal integer unless preceded by
2151: .Sq 0x .
1.55 jmc 2152: Negative integers can also be specified
2153: by preceding the value with a minus sign.
1.1 jsing 2154: .It Fl sign_other Ar file
2155: Additional certificates to include in the signed request.
2156: .It Fl signer Ar file , Fl signkey Ar file
2157: Sign the OCSP request using the certificate specified in the
2158: .Fl signer
2159: option and the private key specified by the
2160: .Fl signkey
2161: option.
2162: If the
2163: .Fl signkey
2164: option is not present, then the private key is read from the same file
2165: as the certificate.
2166: If neither option is specified, the OCSP request is not signed.
1.108 inoguchi 2167: .It Fl timeout Ar seconds
2168: Connection timeout to the OCSP responder in seconds.
1.1 jsing 2169: .It Fl trust_other
2170: The certificates specified by the
2171: .Fl verify_other
2172: option should be explicitly trusted and no additional checks will be
2173: performed on them.
2174: This is useful when the complete responder certificate chain is not available
2175: or trusting a root CA is not appropriate.
2176: .It Fl url Ar responder_url
2177: Specify the responder URL.
2178: Both HTTP and HTTPS
2179: .Pq SSL/TLS
2180: URLs can be specified.
2181: .It Fl VAfile Ar file
1.55 jmc 2182: A file containing explicitly trusted responder certificates.
1.1 jsing 2183: Equivalent to the
2184: .Fl verify_other
2185: and
2186: .Fl trust_other
2187: options.
2188: .It Fl validity_period Ar nsec , Fl status_age Ar age
1.55 jmc 2189: The range of times, in seconds, which will be tolerated in an OCSP response.
2190: Each certificate status response includes a notBefore time
2191: and an optional notAfter time.
1.1 jsing 2192: The current time should fall between these two values,
2193: but the interval between the two times may be only a few seconds.
2194: In practice the OCSP responder and clients' clocks may not be precisely
2195: synchronised and so such a check may fail.
2196: To avoid this the
2197: .Fl validity_period
2198: option can be used to specify an acceptable error range in seconds,
1.55 jmc 2199: the default value being 5 minutes.
1.1 jsing 2200: .Pp
1.55 jmc 2201: If the notAfter time is omitted from a response,
2202: it means that new status information is immediately available.
2203: In this case the age of the notBefore field is checked
2204: to see it is not older than
1.1 jsing 2205: .Ar age
2206: seconds old.
2207: By default, this additional check is not performed.
2208: .It Fl verify_other Ar file
1.55 jmc 2209: A file containing additional certificates to search
2210: when attempting to locate the OCSP response signing certificate.
2211: Some responders omit the actual signer's certificate from the response,
2212: so this can be used to supply the necessary certificate.
1.1 jsing 2213: .El
1.55 jmc 2214: .Pp
2215: The options for the OCSP server are as follows:
1.1 jsing 2216: .Bl -tag -width "XXXX"
2217: .It Fl CA Ar file
2218: CA certificate corresponding to the revocation information in
2219: .Ar indexfile .
1.108 inoguchi 2220: .It Fl ignore_err
2221: Ignore the invalid response.
1.1 jsing 2222: .It Fl index Ar indexfile
2223: .Ar indexfile
1.55 jmc 2224: is a text index file in ca format
2225: containing certificate revocation information.
1.1 jsing 2226: .Pp
1.55 jmc 2227: If this option is specified,
1.1 jsing 2228: .Nm ocsp
1.55 jmc 2229: is in responder mode, otherwise it is in client mode.
2230: The requests the responder processes can be either specified on
1.1 jsing 2231: the command line (using the
2232: .Fl issuer
2233: and
2234: .Fl serial
2235: options), supplied in a file (using the
2236: .Fl respin
1.55 jmc 2237: option), or via external OCSP clients (if
1.1 jsing 2238: .Ar port
2239: or
2240: .Ar url
2241: is specified).
2242: .Pp
1.55 jmc 2243: If this option is present, then the
1.1 jsing 2244: .Fl CA
2245: and
2246: .Fl rsigner
2247: options must also be present.
2248: .It Fl nmin Ar minutes , Fl ndays Ar days
2249: Number of
2250: .Ar minutes
2251: or
2252: .Ar days
1.55 jmc 2253: when fresh revocation information is available:
2254: used in the nextUpdate field.
2255: If neither option is present,
2256: the nextUpdate field is omitted,
2257: meaning fresh revocation information is immediately available.
1.1 jsing 2258: .It Fl nrequest Ar number
1.55 jmc 2259: Exit after receiving
1.1 jsing 2260: .Ar number
1.55 jmc 2261: requests (the default is unlimited).
1.1 jsing 2262: .It Fl port Ar portnum
2263: Port to listen for OCSP requests on.
1.55 jmc 2264: May also be specified using the
1.1 jsing 2265: .Fl url
2266: option.
2267: .It Fl resp_key_id
2268: Identify the signer certificate using the key ID;
1.55 jmc 2269: the default is to use the subject name.
1.1 jsing 2270: .It Fl resp_no_certs
2271: Don't include any certificates in the OCSP response.
2272: .It Fl rkey Ar file
2273: The private key to sign OCSP responses with;
2274: if not present, the file specified in the
2275: .Fl rsigner
2276: option is used.
2277: .It Fl rother Ar file
2278: Additional certificates to include in the OCSP response.
2279: .It Fl rsigner Ar file
2280: The certificate to sign OCSP responses with.
2281: .El
2282: .Pp
2283: Initially the OCSP responder certificate is located and the signature on
2284: the OCSP request checked using the responder certificate's public key.
2285: Then a normal certificate verify is performed on the OCSP responder certificate
2286: building up a certificate chain in the process.
2287: The locations of the trusted certificates used to build the chain can be
2288: specified by the
2289: .Fl CAfile
2290: and
2291: .Fl CApath
2292: options or they will be looked for in the standard
1.55 jmc 2293: .Nm openssl
2294: certificates directory.
1.1 jsing 2295: .Pp
1.55 jmc 2296: If the initial verify fails, the OCSP verify process halts with an error.
1.1 jsing 2297: Otherwise the issuing CA certificate in the request is compared to the OCSP
2298: responder certificate: if there is a match then the OCSP verify succeeds.
2299: .Pp
2300: Otherwise the OCSP responder certificate's CA is checked against the issuing
2301: CA certificate in the request.
2302: If there is a match and the OCSPSigning extended key usage is present
2303: in the OCSP responder certificate, then the OCSP verify succeeds.
2304: .Pp
2305: Otherwise the root CA of the OCSP responder's CA is checked to see if it
2306: is trusted for OCSP signing.
2307: If it is, the OCSP verify succeeds.
2308: .Pp
2309: If none of these checks is successful, the OCSP verify fails.
2310: What this effectively means is that if the OCSP responder certificate is
2311: authorised directly by the CA it is issuing revocation information about
1.55 jmc 2312: (and it is correctly configured),
1.1 jsing 2313: then verification will succeed.
2314: .Pp
1.55 jmc 2315: If the OCSP responder is a global responder,
2316: which can give details about multiple CAs
2317: and has its own separate certificate chain,
2318: then its root CA can be trusted for OCSP signing.
1.1 jsing 2319: Alternatively, the responder certificate itself can be explicitly trusted
2320: with the
2321: .Fl VAfile
2322: option.
2323: .Sh PASSWD
1.114 jmc 2324: .Bl -hang -width "openssl passwd"
2325: .It Nm openssl passwd
2326: .Bk -words
1.1 jsing 2327: .Op Fl 1 | apr1 | crypt
2328: .Op Fl in Ar file
2329: .Op Fl noverify
2330: .Op Fl quiet
2331: .Op Fl reverse
2332: .Op Fl salt Ar string
2333: .Op Fl stdin
2334: .Op Fl table
2335: .Op Ar password
1.114 jmc 2336: .Ek
2337: .El
1.1 jsing 2338: .Pp
2339: The
2340: .Nm passwd
1.56 jmc 2341: command computes the hash of a password.
1.1 jsing 2342: .Pp
2343: The options are as follows:
2344: .Bl -tag -width Ds
2345: .It Fl 1
2346: Use the MD5 based
2347: .Bx
2348: password algorithm
1.56 jmc 2349: .Qq 1 .
1.1 jsing 2350: .It Fl apr1
2351: Use the
1.56 jmc 2352: .Qq apr1
1.1 jsing 2353: algorithm
1.56 jmc 2354: .Po
2355: Apache variant of the
1.1 jsing 2356: .Bx
1.56 jmc 2357: algorithm
2358: .Pc .
1.1 jsing 2359: .It Fl crypt
2360: Use the
1.56 jmc 2361: .Qq crypt
2362: algorithm (the default).
1.1 jsing 2363: .It Fl in Ar file
2364: Read passwords from
2365: .Ar file .
2366: .It Fl noverify
2367: Don't verify when reading a password from the terminal.
2368: .It Fl quiet
2369: Don't output warnings when passwords given on the command line are truncated.
2370: .It Fl reverse
2371: Switch table columns.
2372: This only makes sense in conjunction with the
2373: .Fl table
2374: option.
2375: .It Fl salt Ar string
1.56 jmc 2376: Use the salt specified by
2377: .Ar string .
1.1 jsing 2378: When reading a password from the terminal, this implies
2379: .Fl noverify .
2380: .It Fl stdin
1.56 jmc 2381: Read passwords from standard input.
1.1 jsing 2382: .It Fl table
2383: In the output list, prepend the cleartext password and a TAB character
2384: to each password hash.
2385: .El
2386: .Sh PKCS7
1.114 jmc 2387: .Bl -hang -width "openssl pkcs7"
2388: .It Nm openssl pkcs7
2389: .Bk -words
1.1 jsing 2390: .Op Fl in Ar file
1.57 jmc 2391: .Op Fl inform Cm der | pem
1.1 jsing 2392: .Op Fl noout
2393: .Op Fl out Ar file
1.57 jmc 2394: .Op Fl outform Cm der | pem
1.106 inoguchi 2395: .Op Fl print
1.1 jsing 2396: .Op Fl print_certs
2397: .Op Fl text
1.114 jmc 2398: .Ek
2399: .El
1.1 jsing 2400: .Pp
2401: The
2402: .Nm pkcs7
2403: command processes PKCS#7 files in DER or PEM format.
1.57 jmc 2404: The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
2405: .Pp
1.1 jsing 2406: The options are as follows:
2407: .Bl -tag -width Ds
2408: .It Fl in Ar file
1.57 jmc 2409: The input file to read from,
2410: or standard input if not specified.
2411: .It Fl inform Cm der | pem
2412: The input format.
1.1 jsing 2413: .It Fl noout
2414: Don't output the encoded version of the PKCS#7 structure
2415: (or certificates if
2416: .Fl print_certs
2417: is set).
2418: .It Fl out Ar file
1.57 jmc 2419: The output to write to,
2420: or standard output if not specified.
2421: .It Fl outform Cm der | pem
2422: The output format.
1.106 inoguchi 2423: .It Fl print
2424: Print the ASN.1 representation of PKCS#7 structure.
1.1 jsing 2425: .It Fl print_certs
1.57 jmc 2426: Print any certificates or CRLs contained in the file,
2427: preceded by their subject and issuer names in a one-line format.
1.1 jsing 2428: .It Fl text
1.57 jmc 2429: Print certificate details in full rather than just subject and issuer names.
1.1 jsing 2430: .El
2431: .Sh PKCS8
1.114 jmc 2432: .Bl -hang -width "openssl pkcs8"
2433: .It Nm openssl pkcs8
2434: .Bk -words
1.1 jsing 2435: .Op Fl in Ar file
1.58 jmc 2436: .Op Fl inform Cm der | pem
1.1 jsing 2437: .Op Fl nocrypt
2438: .Op Fl noiter
2439: .Op Fl out Ar file
1.58 jmc 2440: .Op Fl outform Cm der | pem
1.1 jsing 2441: .Op Fl passin Ar arg
2442: .Op Fl passout Ar arg
2443: .Op Fl topk8
2444: .Op Fl v1 Ar alg
2445: .Op Fl v2 Ar alg
1.114 jmc 2446: .Ek
2447: .El
1.1 jsing 2448: .Pp
2449: The
2450: .Nm pkcs8
1.58 jmc 2451: command processes private keys
2452: (both encrypted and unencrypted)
2453: in PKCS#8 format
2454: with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
2455: The default encryption is only 56 bits;
2456: keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
2457: are more secure.
2458: .Pp
1.1 jsing 2459: The options are as follows:
2460: .Bl -tag -width Ds
2461: .It Fl in Ar file
1.58 jmc 2462: The input file to read from,
2463: or standard input if not specified.
1.1 jsing 2464: If the key is encrypted, a pass phrase will be prompted for.
1.58 jmc 2465: .It Fl inform Cm der | pem
2466: The input format.
1.1 jsing 2467: .It Fl nocrypt
1.58 jmc 2468: Generate an unencrypted PrivateKeyInfo structure.
2469: This option does not encrypt private keys at all
2470: and should only be used when absolutely necessary.
1.1 jsing 2471: .It Fl noiter
2472: Use an iteration count of 1.
2473: See the
2474: .Sx PKCS12
2475: section below for a detailed explanation of this option.
2476: .It Fl out Ar file
1.58 jmc 2477: The output file to write to,
2478: or standard output if none is specified.
1.1 jsing 2479: If any encryption options are set, a pass phrase will be prompted for.
1.58 jmc 2480: .It Fl outform Cm der | pem
2481: The output format.
1.1 jsing 2482: .It Fl passin Ar arg
2483: The key password source.
2484: .It Fl passout Ar arg
2485: The output file password source.
2486: .It Fl topk8
1.58 jmc 2487: Read a traditional format private key and write a PKCS#8 format key.
1.1 jsing 2488: .It Fl v1 Ar alg
1.58 jmc 2489: Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
2490: .Pp
2491: .Bl -tag -width "XXXX" -compact
2492: .It PBE-MD5-DES
2493: 56-bit DES.
2494: .It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
2495: 64-bit RC2 or 56-bit DES.
2496: .It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
2497: .It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
2498: PKCS#12 password-based encryption algorithm,
2499: which allow strong encryption algorithms like triple DES or 128-bit RC2.
2500: .El
1.1 jsing 2501: .It Fl v2 Ar alg
1.58 jmc 2502: Use PKCS#5 v2.0 algorithms.
2503: Supports algorithms such as 168-bit triple DES or 128-bit RC2,
2504: however not many implementations support PKCS#5 v2.0 yet
2505: (if using private keys with
2506: .Nm openssl
2507: this doesn't matter).
1.1 jsing 2508: .Pp
2509: .Ar alg
1.58 jmc 2510: is the encryption algorithm to use;
2511: valid values include des, des3, and rc2.
2512: It is recommended that des3 is used.
1.1 jsing 2513: .El
2514: .Sh PKCS12
1.114 jmc 2515: .Bl -hang -width "openssl pkcs12"
2516: .It Nm openssl pkcs12
2517: .Bk -words
1.107 inoguchi 2518: .Oo
2519: .Fl aes128 | aes192 | aes256 | camellia128 |
2520: .Fl camellia192 | camellia256 | des | des3 | idea
2521: .Oc
1.1 jsing 2522: .Op Fl cacerts
2523: .Op Fl CAfile Ar file
2524: .Op Fl caname Ar name
2525: .Op Fl CApath Ar directory
2526: .Op Fl certfile Ar file
2527: .Op Fl certpbe Ar alg
2528: .Op Fl chain
2529: .Op Fl clcerts
2530: .Op Fl CSP Ar name
2531: .Op Fl descert
2532: .Op Fl export
2533: .Op Fl in Ar file
2534: .Op Fl info
2535: .Op Fl inkey Ar file
2536: .Op Fl keyex
2537: .Op Fl keypbe Ar alg
2538: .Op Fl keysig
1.107 inoguchi 2539: .Op Fl LMK
1.1 jsing 2540: .Op Fl macalg Ar alg
2541: .Op Fl maciter
2542: .Op Fl name Ar name
2543: .Op Fl nocerts
2544: .Op Fl nodes
2545: .Op Fl noiter
2546: .Op Fl nokeys
2547: .Op Fl nomac
2548: .Op Fl nomaciter
2549: .Op Fl nomacver
2550: .Op Fl noout
2551: .Op Fl out Ar file
2552: .Op Fl passin Ar arg
2553: .Op Fl passout Ar arg
1.107 inoguchi 2554: .Op Fl password Ar arg
1.1 jsing 2555: .Op Fl twopass
1.114 jmc 2556: .Ek
2557: .El
1.1 jsing 2558: .Pp
2559: The
2560: .Nm pkcs12
2561: command allows PKCS#12 files
2562: .Pq sometimes referred to as PFX files
2563: to be created and parsed.
2564: By default, a PKCS#12 file is parsed;
2565: a PKCS#12 file can be created by using the
2566: .Fl export
1.59 jmc 2567: option.
2568: .Pp
2569: The options for parsing a PKCS12 file are as follows:
1.1 jsing 2570: .Bl -tag -width "XXXX"
1.107 inoguchi 2571: .It Xo
2572: .Fl aes128 | aes192 | aes256 |
2573: .Fl camellia128 | camellia192 | camellia256 |
2574: .Fl des | des3 |
2575: .Fl idea
2576: .Xc
2577: Encrypt private keys using AES, CAMELLIA, DES, triple DES
2578: or the IDEA ciphers, respectively.
1.1 jsing 2579: The default is triple DES.
2580: .It Fl cacerts
2581: Only output CA certificates
2582: .Pq not client certificates .
2583: .It Fl clcerts
2584: Only output client certificates
2585: .Pq not CA certificates .
2586: .It Fl in Ar file
1.59 jmc 2587: The input file to read from,
2588: or standard input if not specified.
1.1 jsing 2589: .It Fl info
2590: Output additional information about the PKCS#12 file structure,
2591: algorithms used, and iteration counts.
2592: .It Fl nocerts
1.59 jmc 2593: Do not output certificates.
1.1 jsing 2594: .It Fl nodes
1.59 jmc 2595: Do not encrypt private keys.
1.1 jsing 2596: .It Fl nokeys
1.59 jmc 2597: Do not output private keys.
1.1 jsing 2598: .It Fl nomacver
1.59 jmc 2599: Do not attempt to verify the integrity MAC before reading the file.
1.1 jsing 2600: .It Fl noout
1.59 jmc 2601: Do not output the keys and certificates to the output file
1.1 jsing 2602: version of the PKCS#12 file.
2603: .It Fl out Ar file
1.59 jmc 2604: The output file to write to,
2605: or standard output if not specified.
1.1 jsing 2606: .It Fl passin Ar arg
2607: The key password source.
2608: .It Fl passout Ar arg
2609: The output file password source.
2610: .It Fl twopass
2611: Prompt for separate integrity and encryption passwords: most software
2612: always assumes these are the same so this option will render such
2613: PKCS#12 files unreadable.
2614: .El
1.59 jmc 2615: .Pp
2616: The options for PKCS12 file creation are as follows:
1.1 jsing 2617: .Bl -tag -width "XXXX"
2618: .It Fl CAfile Ar file
2619: CA storage as a file.
2620: .It Fl CApath Ar directory
2621: CA storage as a directory.
1.59 jmc 2622: The directory must be a standard certificate directory:
1.1 jsing 2623: that is, a hash of each subject name (using
1.59 jmc 2624: .Nm x509 Fl hash )
1.1 jsing 2625: should be linked to each certificate.
2626: .It Fl caname Ar name
1.59 jmc 2627: Specify the
1.1 jsing 2628: .Qq friendly name
2629: for other certificates.
1.59 jmc 2630: May be used multiple times to specify names for all certificates
1.1 jsing 2631: in the order they appear.
2632: .It Fl certfile Ar file
2633: A file to read additional certificates from.
2634: .It Fl certpbe Ar alg , Fl keypbe Ar alg
1.59 jmc 2635: Specify the algorithm used to encrypt the private key and
1.1 jsing 2636: certificates to be selected.
1.59 jmc 2637: Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
1.1 jsing 2638: If a cipher name
2639: (as output by the
2640: .Cm list-cipher-algorithms
2641: command) is specified then it
2642: is used with PKCS#5 v2.0.
2643: For interoperability reasons it is advisable to only use PKCS#12 algorithms.
2644: .It Fl chain
1.59 jmc 2645: Include the entire certificate chain of the user certificate.
1.1 jsing 2646: The standard CA store is used for this search.
2647: If the search fails, it is considered a fatal error.
2648: .It Fl CSP Ar name
2649: Write
2650: .Ar name
2651: as a Microsoft CSP name.
2652: .It Fl descert
2653: Encrypt the certificate using triple DES; this may render the PKCS#12
2654: file unreadable by some
2655: .Qq export grade
2656: software.
2657: By default, the private key is encrypted using triple DES and the
2658: certificate using 40-bit RC2.
2659: .It Fl export
1.59 jmc 2660: Create a PKCS#12 file (rather than parsing one).
1.1 jsing 2661: .It Fl in Ar file
1.59 jmc 2662: The input file to read from,
1.81 jmc 2663: or standard input if not specified.
1.1 jsing 2664: The order doesn't matter but one private key and its corresponding
2665: certificate should be present.
2666: If additional certificates are present, they will also be included
2667: in the PKCS#12 file.
2668: .It Fl inkey Ar file
1.59 jmc 2669: File to read a private key from.
1.1 jsing 2670: If not present, a private key must be present in the input file.
2671: .It Fl keyex | keysig
1.59 jmc 2672: Specify whether the private key is to be used for key exchange or just signing.
1.1 jsing 2673: Normally,
2674: .Qq export grade
2675: software will only allow 512-bit RSA keys to be
2676: used for encryption purposes, but arbitrary length keys for signing.
2677: The
2678: .Fl keysig
2679: option marks the key for signing only.
2680: Signing only keys can be used for S/MIME signing, authenticode
1.66 jmc 2681: (ActiveX control signing)
1.59 jmc 2682: and SSL client authentication.
1.107 inoguchi 2683: .It Fl LMK
2684: Add local machine keyset attribute to private key.
1.1 jsing 2685: .It Fl macalg Ar alg
2686: Specify the MAC digest algorithm.
1.59 jmc 2687: The default is SHA1.
1.1 jsing 2688: .It Fl maciter
1.66 jmc 2689: Included for compatibility only:
1.59 jmc 2690: it used to be needed to use MAC iterations counts
2691: but they are now used by default.
1.1 jsing 2692: .It Fl name Ar name
1.59 jmc 2693: Specify the
1.1 jsing 2694: .Qq friendly name
2695: for the certificate and private key.
2696: This name is typically displayed in list boxes by software importing the file.
2697: .It Fl nomac
2698: Don't attempt to provide the MAC integrity.
2699: .It Fl nomaciter , noiter
1.59 jmc 2700: Affect the iteration counts on the MAC and key algorithms.
1.1 jsing 2701: .Pp
2702: To discourage attacks by using large dictionaries of common passwords,
2703: the algorithm that derives keys from passwords can have an iteration count
2704: applied to it: this causes a certain part of the algorithm to be repeated
2705: and slows it down.
2706: The MAC is used to check the file integrity but since it will normally
2707: have the same password as the keys and certificates it could also be attacked.
2708: By default, both MAC and encryption iteration counts are set to 2048;
2709: using these options the MAC and encryption iteration counts can be set to 1.
2710: Since this reduces the file security you should not use these options
2711: unless you really have to.
2712: Most software supports both MAC and key iteration counts.
2713: .It Fl out Ar file
1.59 jmc 2714: The output file to write to,
2715: or standard output if not specified.
1.1 jsing 2716: .It Fl passin Ar arg
2717: The key password source.
2718: .It Fl passout Ar arg
2719: The output file password source.
1.107 inoguchi 2720: .It Fl password Ar arg
2721: With
2722: .Fl export ,
2723: .Fl password
2724: is equivalent to
2725: .Fl passout .
1.108 inoguchi 2726: Otherwise,
1.107 inoguchi 2727: .Fl password
2728: is equivalent to
2729: .Fl passin .
1.1 jsing 2730: .El
2731: .Sh PKEY
1.114 jmc 2732: .Bl -hang -width "openssl pkey"
2733: .It Nm openssl pkey
2734: .Bk -words
1.1 jsing 2735: .Op Ar cipher
2736: .Op Fl in Ar file
1.60 jmc 2737: .Op Fl inform Cm der | pem
1.1 jsing 2738: .Op Fl noout
2739: .Op Fl out Ar file
1.60 jmc 2740: .Op Fl outform Cm der | pem
1.1 jsing 2741: .Op Fl passin Ar arg
2742: .Op Fl passout Ar arg
2743: .Op Fl pubin
2744: .Op Fl pubout
2745: .Op Fl text
2746: .Op Fl text_pub
1.114 jmc 2747: .Ek
2748: .El
1.1 jsing 2749: .Pp
2750: The
2751: .Nm pkey
2752: command processes public or private keys.
2753: They can be converted between various forms
2754: and their components printed out.
2755: .Pp
2756: The options are as follows:
2757: .Bl -tag -width Ds
2758: .It Ar cipher
1.60 jmc 2759: Encrypt the private key with the specified cipher.
1.1 jsing 2760: Any algorithm name accepted by
1.60 jmc 2761: .Xr EVP_get_cipherbyname 3
1.1 jsing 2762: is acceptable, such as
2763: .Cm des3 .
2764: .It Fl in Ar file
1.60 jmc 2765: The input file to read from,
2766: or standard input if not specified.
1.1 jsing 2767: If the key is encrypted a pass phrase will be prompted for.
1.60 jmc 2768: .It Fl inform Cm der | pem
2769: The input format.
1.1 jsing 2770: .It Fl noout
2771: Do not output the encoded version of the key.
2772: .It Fl out Ar file
1.60 jmc 2773: The output file to write to,
2774: or standard output if not specified.
1.1 jsing 2775: If any encryption options are set then a pass phrase
2776: will be prompted for.
1.60 jmc 2777: .It Fl outform Cm der | pem
2778: The output format.
1.1 jsing 2779: .It Fl passin Ar arg
2780: The key password source.
2781: .It Fl passout Ar arg
2782: The output file password source.
2783: .It Fl pubin
1.60 jmc 2784: Read in a public key, not a private key.
1.1 jsing 2785: .It Fl pubout
1.60 jmc 2786: Output a public key, not a private key.
2787: Automatically set if the input is a public key.
1.1 jsing 2788: .It Fl text
1.64 jmc 2789: Print the public/private key in plain text.
1.1 jsing 2790: .It Fl text_pub
2791: Print out only public key components
2792: even if a private key is being processed.
2793: .El
2794: .Sh PKEYPARAM
2795: .Cm openssl pkeyparam
2796: .Op Fl in Ar file
2797: .Op Fl noout
2798: .Op Fl out Ar file
2799: .Op Fl text
2800: .Pp
2801: The
1.61 jmc 2802: .Nm pkeyparam
1.1 jsing 2803: command processes public or private keys.
1.61 jmc 2804: The key type is determined by the PEM headers.
1.1 jsing 2805: .Pp
2806: The options are as follows:
2807: .Bl -tag -width Ds
2808: .It Fl in Ar file
1.61 jmc 2809: The input file to read from,
2810: or standard input if not specified.
1.1 jsing 2811: .It Fl noout
2812: Do not output the encoded version of the parameters.
2813: .It Fl out Ar file
1.61 jmc 2814: The output file to write to,
2815: or standard output if not specified.
1.1 jsing 2816: .It Fl text
1.64 jmc 2817: Print the parameters in plain text.
1.1 jsing 2818: .El
2819: .Sh PKEYUTL
1.114 jmc 2820: .Bl -hang -width "openssl pkeyutl"
2821: .It Nm openssl pkeyutl
2822: .Bk -words
1.1 jsing 2823: .Op Fl asn1parse
2824: .Op Fl certin
2825: .Op Fl decrypt
2826: .Op Fl derive
2827: .Op Fl encrypt
2828: .Op Fl hexdump
2829: .Op Fl in Ar file
2830: .Op Fl inkey Ar file
1.62 jmc 2831: .Op Fl keyform Cm der | pem
1.1 jsing 2832: .Op Fl out Ar file
2833: .Op Fl passin Ar arg
1.62 jmc 2834: .Op Fl peerform Cm der | pem
1.1 jsing 2835: .Op Fl peerkey Ar file
2836: .Op Fl pkeyopt Ar opt : Ns Ar value
2837: .Op Fl pubin
2838: .Op Fl rev
2839: .Op Fl sigfile Ar file
2840: .Op Fl sign
2841: .Op Fl verify
2842: .Op Fl verifyrecover
1.114 jmc 2843: .Ek
2844: .El
1.1 jsing 2845: .Pp
2846: The
2847: .Nm pkeyutl
2848: command can be used to perform public key operations using
2849: any supported algorithm.
2850: .Pp
2851: The options are as follows:
2852: .Bl -tag -width Ds
2853: .It Fl asn1parse
1.84 jmc 2854: ASN.1 parse the output data.
1.1 jsing 2855: This is useful when combined with the
2856: .Fl verifyrecover
1.84 jmc 2857: option when an ASN.1 structure is signed.
1.1 jsing 2858: .It Fl certin
2859: The input is a certificate containing a public key.
2860: .It Fl decrypt
2861: Decrypt the input data using a private key.
2862: .It Fl derive
2863: Derive a shared secret using the peer key.
2864: .It Fl encrypt
2865: Encrypt the input data using a public key.
2866: .It Fl hexdump
2867: Hex dump the output data.
2868: .It Fl in Ar file
1.62 jmc 2869: The input file to read from,
2870: or standard input if not specified.
1.1 jsing 2871: .It Fl inkey Ar file
2872: The input key file.
2873: By default it should be a private key.
1.62 jmc 2874: .It Fl keyform Cm der | pem
2875: The key format.
1.1 jsing 2876: .It Fl out Ar file
1.62 jmc 2877: The output file to write to,
2878: or standard output if not specified.
1.1 jsing 2879: .It Fl passin Ar arg
2880: The key password source.
1.62 jmc 2881: .It Fl peerform Cm der | pem
2882: The peer key format.
1.1 jsing 2883: .It Fl peerkey Ar file
2884: The peer key file, used by key derivation (agreement) operations.
2885: .It Fl pkeyopt Ar opt : Ns Ar value
1.62 jmc 2886: Set the public key algorithm option
2887: .Ar opt
2888: to
2889: .Ar value .
2890: Unless otherwise mentioned, all algorithms support the format
2891: .Ar digest : Ns Ar alg ,
2892: which specifies the digest to use
1.1 jsing 2893: for sign, verify, and verifyrecover operations.
2894: The value
2895: .Ar alg
2896: should represent a digest name as used in the
1.62 jmc 2897: .Xr EVP_get_digestbyname 3
2898: function.
2899: .Pp
1.1 jsing 2900: The RSA algorithm supports the
2901: encrypt, decrypt, sign, verify, and verifyrecover operations in general.
2902: Some padding modes only support some of these
2903: operations however.
2904: .Bl -tag -width Ds
2905: .It rsa_padding_mode : Ns Ar mode
2906: This sets the RSA padding mode.
2907: Acceptable values for
2908: .Ar mode
2909: are
2910: .Cm pkcs1
2911: for PKCS#1 padding;
2912: .Cm none
2913: for no padding;
2914: .Cm oaep
2915: for OAEP mode;
2916: .Cm x931
2917: for X9.31 mode;
2918: and
2919: .Cm pss
2920: for PSS.
2921: .Pp
2922: In PKCS#1 padding if the message digest is not set then the supplied data is
2923: signed or verified directly instead of using a DigestInfo structure.
2924: If a digest is set then a DigestInfo
2925: structure is used and its length
2926: must correspond to the digest type.
2927: For oeap mode only encryption and decryption is supported.
2928: For x931 if the digest type is set it is used to format the block data;
2929: otherwise the first byte is used to specify the X9.31 digest ID.
2930: Sign, verify, and verifyrecover can be performed in this mode.
2931: For pss mode only sign and verify are supported and the digest type must be
2932: specified.
2933: .It rsa_pss_saltlen : Ns Ar len
2934: For pss
2935: mode only this option specifies the salt length.
2936: Two special values are supported:
2937: -1 sets the salt length to the digest length.
2938: When signing -2 sets the salt length to the maximum permissible value.
2939: When verifying -2 causes the salt length to be automatically determined
2940: based on the PSS block structure.
2941: .El
1.62 jmc 2942: .Pp
1.1 jsing 2943: The DSA algorithm supports the sign and verify operations.
2944: Currently there are no additional options other than
2945: .Ar digest .
2946: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 2947: .Pp
1.1 jsing 2948: The DH algorithm supports the derive operation
2949: and no additional options.
1.62 jmc 2950: .Pp
1.1 jsing 2951: The EC algorithm supports the sign, verify, and derive operations.
2952: The sign and verify operations use ECDSA and derive uses ECDH.
2953: Currently there are no additional options other than
2954: .Ar digest .
2955: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 2956: .It Fl pubin
2957: The input file is a public key.
2958: .It Fl rev
2959: Reverse the order of the input buffer.
2960: .It Fl sigfile Ar file
2961: Signature file (verify operation only).
2962: .It Fl sign
2963: Sign the input data and output the signed result.
2964: This requires a private key.
2965: .It Fl verify
2966: Verify the input data against the signature file and indicate if the
2967: verification succeeded or failed.
2968: .It Fl verifyrecover
2969: Verify the input data and output the recovered data.
2970: .El
1.1 jsing 2971: .Sh PRIME
2972: .Cm openssl prime
2973: .Op Fl bits Ar n
2974: .Op Fl checks Ar n
2975: .Op Fl generate
2976: .Op Fl hex
2977: .Op Fl safe
2978: .Ar p
2979: .Pp
2980: The
2981: .Nm prime
2982: command is used to generate prime numbers,
2983: or to check numbers for primality.
2984: Results are probabilistic:
2985: they have an exceedingly high likelihood of being correct,
2986: but are not guaranteed.
2987: .Pp
2988: The options are as follows:
2989: .Bl -tag -width Ds
2990: .It Fl bits Ar n
2991: Specify the number of bits in the generated prime number.
2992: Must be used in conjunction with
2993: .Fl generate .
2994: .It Fl checks Ar n
2995: Perform a Miller-Rabin probabilistic primality test with
2996: .Ar n
2997: iterations.
2998: The default is 20.
2999: .It Fl generate
3000: Generate a pseudo-random prime number.
3001: Must be used in conjunction with
3002: .Fl bits .
3003: .It Fl hex
3004: Output in hex format.
3005: .It Fl safe
3006: Generate only
3007: .Qq safe
3008: prime numbers
3009: (i.e. a prime p so that (p-1)/2 is also prime).
3010: .It Ar p
3011: Test if number
3012: .Ar p
3013: is prime.
3014: .El
3015: .Sh RAND
1.114 jmc 3016: .Bl -hang -width "openssl rand"
3017: .It Nm openssl rand
3018: .Bk -words
1.1 jsing 3019: .Op Fl base64
3020: .Op Fl hex
3021: .Op Fl out Ar file
3022: .Ar num
1.114 jmc 3023: .Ek
3024: .El
1.1 jsing 3025: .Pp
3026: The
3027: .Nm rand
3028: command outputs
3029: .Ar num
3030: pseudo-random bytes.
3031: .Pp
3032: The options are as follows:
3033: .Bl -tag -width Ds
3034: .It Fl base64
1.81 jmc 3035: Perform base64 encoding on the output.
1.1 jsing 3036: .It Fl hex
3037: Specify hexadecimal output.
3038: .It Fl out Ar file
1.63 jmc 3039: The output file to write to,
3040: or standard output if not specified.
1.1 jsing 3041: .El
3042: .Sh REQ
1.114 jmc 3043: .Bl -hang -width "openssl req"
3044: .It Nm openssl req
3045: .Bk -words
1.115 ! inoguchi 3046: .Op Fl addext Ar ext
1.1 jsing 3047: .Op Fl asn1-kludge
3048: .Op Fl batch
3049: .Op Fl config Ar file
3050: .Op Fl days Ar n
3051: .Op Fl extensions Ar section
3052: .Op Fl in Ar file
1.63 jmc 3053: .Op Fl inform Cm der | pem
1.1 jsing 3054: .Op Fl key Ar keyfile
1.63 jmc 3055: .Op Fl keyform Cm der | pem
1.1 jsing 3056: .Op Fl keyout Ar file
1.28 doug 3057: .Op Fl md4 | md5 | sha1
1.1 jsing 3058: .Op Fl modulus
1.107 inoguchi 3059: .Op Fl multivalue-rdn
1.1 jsing 3060: .Op Fl nameopt Ar option
3061: .Op Fl new
3062: .Op Fl newhdr
3063: .Op Fl newkey Ar arg
3064: .Op Fl no-asn1-kludge
3065: .Op Fl nodes
3066: .Op Fl noout
3067: .Op Fl out Ar file
1.63 jmc 3068: .Op Fl outform Cm der | pem
1.1 jsing 3069: .Op Fl passin Ar arg
3070: .Op Fl passout Ar arg
1.107 inoguchi 3071: .Op Fl pkeyopt Ar opt:value
1.1 jsing 3072: .Op Fl pubkey
3073: .Op Fl reqexts Ar section
3074: .Op Fl reqopt Ar option
3075: .Op Fl set_serial Ar n
1.107 inoguchi 3076: .Op Fl sigopt Ar nm:v
1.1 jsing 3077: .Op Fl subj Ar arg
3078: .Op Fl subject
3079: .Op Fl text
3080: .Op Fl utf8
3081: .Op Fl verbose
3082: .Op Fl verify
3083: .Op Fl x509
1.114 jmc 3084: .Ek
3085: .El
1.1 jsing 3086: .Pp
3087: The
3088: .Nm req
3089: command primarily creates and processes certificate requests
3090: in PKCS#10 format.
3091: It can additionally create self-signed certificates,
3092: for use as root CAs, for example.
3093: .Pp
3094: The options are as follows:
3095: .Bl -tag -width Ds
1.115 ! inoguchi 3096: .It Fl addext Ar ext
! 3097: Add a specific extension to the certificate (if the
! 3098: .Fl x509
! 3099: option is present) or certificate request.
! 3100: The argument must have the form of a key=value pair as it would appear in a
! 3101: config file.
! 3102: This option can be given multiple times.
1.1 jsing 3103: .It Fl asn1-kludge
1.63 jmc 3104: Produce requests in an invalid format for certain picky CAs.
3105: Very few CAs still require the use of this option.
1.1 jsing 3106: .It Fl batch
3107: Non-interactive mode.
3108: .It Fl config Ar file
1.63 jmc 3109: Specify an alternative configuration file.
1.1 jsing 3110: .It Fl days Ar n
1.63 jmc 3111: Specify the number of days to certify the certificate for.
3112: The default is 30 days.
3113: Used with the
1.1 jsing 3114: .Fl x509
1.63 jmc 3115: option.
1.1 jsing 3116: .It Fl extensions Ar section , Fl reqexts Ar section
1.63 jmc 3117: Specify alternative sections to include certificate
3118: extensions (with
3119: .Fl x509 )
3120: or certificate request extensions,
3121: allowing several different sections to be used in the same configuration file.
1.1 jsing 3122: .It Fl in Ar file
1.63 jmc 3123: The input file to read a request from,
3124: or standard input if not specified.
1.1 jsing 3125: A request is only read if the creation options
3126: .Fl new
3127: and
3128: .Fl newkey
3129: are not specified.
1.63 jmc 3130: .It Fl inform Cm der | pem
3131: The input format.
1.1 jsing 3132: .It Fl key Ar keyfile
1.63 jmc 3133: The file to read the private key from.
1.1 jsing 3134: It also accepts PKCS#8 format private keys for PEM format files.
1.63 jmc 3135: .It Fl keyform Cm der | pem
1.1 jsing 3136: The format of the private key file specified in the
3137: .Fl key
3138: argument.
1.81 jmc 3139: The default is
3140: .Cm pem .
1.1 jsing 3141: .It Fl keyout Ar file
1.63 jmc 3142: The file to write the newly created private key to.
3143: If this option is not specified,
3144: the filename present in the configuration file is used.
1.4 sthen 3145: .It Fl md5 | sha1 | sha256
1.63 jmc 3146: The message digest to sign the request with.
1.1 jsing 3147: This overrides the digest algorithm specified in the configuration file.
3148: .Pp
3149: Some public key algorithms may override this choice.
3150: For instance, DSA signatures always use SHA1.
3151: .It Fl modulus
1.63 jmc 3152: Print the value of the modulus of the public key contained in the request.
1.107 inoguchi 3153: .It Fl multivalue-rdn
3154: This option causes the
3155: .Fl subj
3156: argument to be interpreted with full support for multivalued RDNs,
3157: for example
3158: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
3159: If
3160: .Fl multivalue-rdn
3161: is not used, the UID value is set to
3162: .Qq "123456+CN=John Doe" .
1.1 jsing 3163: .It Fl nameopt Ar option , Fl reqopt Ar option
1.63 jmc 3164: Determine how the subject or issuer names are displayed.
1.1 jsing 3165: .Ar option
1.63 jmc 3166: can be a single option or multiple options separated by commas.
1.1 jsing 3167: Alternatively, these options may be used more than once to set multiple options.
3168: See the
3169: .Sx X509
3170: section below for details.
3171: .It Fl new
1.63 jmc 3172: Generate a new certificate request.
3173: The user is prompted for the relevant field values.
1.1 jsing 3174: The actual fields prompted for and their maximum and minimum sizes
3175: are specified in the configuration file and any requested extensions.
3176: .Pp
3177: If the
3178: .Fl key
3179: option is not used, it will generate a new RSA private
3180: key using information specified in the configuration file.
3181: .It Fl newhdr
1.63 jmc 3182: Add the word NEW to the PEM file header and footer lines
1.112 inoguchi 3183: on the outputted request.
1.63 jmc 3184: Some software and CAs need this.
1.1 jsing 3185: .It Fl newkey Ar arg
1.63 jmc 3186: Create a new certificate request and a new private key.
1.1 jsing 3187: The argument takes one of several forms.
1.63 jmc 3188: .Pp
3189: .No rsa : Ns Ar nbits
3190: generates an RSA key
1.1 jsing 3191: .Ar nbits
3192: in size.
3193: If
3194: .Ar nbits
1.63 jmc 3195: is omitted
3196: the default key size is used.
3197: .Pp
3198: .No dsa : Ns Ar file
3199: generates a DSA key using the parameters in
3200: .Ar file .
3201: .Pp
3202: .No param : Ns Ar file
3203: generates a key using the parameters or certificate in
3204: .Ar file .
3205: .Pp
3206: All other algorithms support the form
3207: .Ar algorithm : Ns Ar file ,
1.1 jsing 3208: where file may be an algorithm parameter file,
3209: created by the
3210: .Cm genpkey -genparam
1.14 jmc 3211: command or an X.509 certificate for a key with appropriate algorithm.
1.63 jmc 3212: .Ar file
3213: can be omitted,
3214: in which case any parameters can be specified via the
1.1 jsing 3215: .Fl pkeyopt
3216: option.
3217: .It Fl no-asn1-kludge
1.63 jmc 3218: Reverse the effect of
1.1 jsing 3219: .Fl asn1-kludge .
3220: .It Fl nodes
1.63 jmc 3221: Do not encrypt the private key.
1.1 jsing 3222: .It Fl noout
1.63 jmc 3223: Do not output the encoded version of the request.
1.1 jsing 3224: .It Fl out Ar file
1.63 jmc 3225: The output file to write to,
1.99 jmc 3226: or standard output if not specified.
1.63 jmc 3227: .It Fl outform Cm der | pem
3228: The output format.
1.1 jsing 3229: .It Fl passin Ar arg
3230: The key password source.
3231: .It Fl passout Ar arg
3232: The output file password source.
1.107 inoguchi 3233: .It Fl pkeyopt Ar opt:value
3234: Set the public key algorithm option
3235: .Ar opt
3236: to
3237: .Ar value .
1.1 jsing 3238: .It Fl pubkey
1.63 jmc 3239: Output the public key.
1.1 jsing 3240: .It Fl reqopt Ar option
3241: Customise the output format used with
3242: .Fl text .
3243: The
3244: .Ar option
3245: argument can be a single option or multiple options separated by commas.
1.63 jmc 3246: See also the discussion of
1.1 jsing 3247: .Fl certopt
1.63 jmc 3248: in the
1.1 jsing 3249: .Nm x509
3250: command.
3251: .It Fl set_serial Ar n
3252: Serial number to use when outputting a self-signed certificate.
3253: This may be specified as a decimal value or a hex value if preceded by
3254: .Sq 0x .
3255: It is possible to use negative serial numbers but this is not recommended.
1.107 inoguchi 3256: .It Fl sigopt Ar nm:v
3257: Pass options to the signature algorithm during sign operation.
3258: The names and values of these options are algorithm-specific.
1.1 jsing 3259: .It Fl subj Ar arg
1.63 jmc 3260: Replaces the subject field of an input request
3261: with the specified data and output the modified request.
3262: .Ar arg
3263: must be formatted as /type0=value0/type1=value1/type2=...;
1.1 jsing 3264: characters may be escaped by
3265: .Sq \e
1.63 jmc 3266: (backslash);
1.1 jsing 3267: no spaces are skipped.
3268: .It Fl subject
1.63 jmc 3269: Print the request subject (or certificate subject if
1.1 jsing 3270: .Fl x509
1.63 jmc 3271: is specified).
1.1 jsing 3272: .It Fl text
1.64 jmc 3273: Print the certificate request in plain text.
1.1 jsing 3274: .It Fl utf8
1.63 jmc 3275: Interpret field values as UTF8 strings, not ASCII.
1.1 jsing 3276: .It Fl verbose
3277: Print extra details about the operations being performed.
3278: .It Fl verify
1.63 jmc 3279: Verify the signature on the request.
1.1 jsing 3280: .It Fl x509
1.63 jmc 3281: Output a self-signed certificate instead of a certificate request.
3282: This is typically used to generate a test certificate or a self-signed root CA.
3283: The extensions added to the certificate (if any)
1.1 jsing 3284: are specified in the configuration file.
3285: Unless specified using the
3286: .Fl set_serial
1.63 jmc 3287: option, 0 is used for the serial number.
1.1 jsing 3288: .El
1.63 jmc 3289: .Pp
1.1 jsing 3290: The configuration options are specified in the
1.63 jmc 3291: .Qq req
1.1 jsing 3292: section of the configuration file.
1.63 jmc 3293: The options available are as follows:
1.1 jsing 3294: .Bl -tag -width "XXXX"
1.63 jmc 3295: .It Cm attributes
3296: The section containing any request attributes: its format
1.1 jsing 3297: is the same as
1.63 jmc 3298: .Cm distinguished_name .
3299: Typically these may contain the challengePassword or unstructuredName types.
3300: They are currently ignored by the
3301: .Nm openssl
1.1 jsing 3302: request signing utilities, but some CAs might want them.
1.63 jmc 3303: .It Cm default_bits
3304: The default key size, in bits.
3305: The default is 2048.
1.1 jsing 3306: It is used if the
3307: .Fl new
1.63 jmc 3308: option is used and can be overridden by using the
1.1 jsing 3309: .Fl newkey
3310: option.
1.63 jmc 3311: .It Cm default_keyfile
3312: The default file to write a private key to,
3313: or standard output if not specified.
3314: It can be overridden by the
1.1 jsing 3315: .Fl keyout
3316: option.
1.63 jmc 3317: .It Cm default_md
3318: The digest algorithm to use.
1.1 jsing 3319: Possible values include
1.63 jmc 3320: .Cm md5 ,
3321: .Cm sha1
1.1 jsing 3322: and
1.63 jmc 3323: .Cm sha256
3324: (the default).
3325: It can be overridden on the command line.
3326: .It Cm distinguished_name
3327: The section containing the distinguished name fields to
1.1 jsing 3328: prompt for when generating a certificate or certificate request.
1.63 jmc 3329: The format is described below.
3330: .It Cm encrypt_key
3331: If set to
3332: .Qq no
3333: and a private key is generated, it is not encrypted.
3334: It is equivalent to the
1.1 jsing 3335: .Fl nodes
1.63 jmc 3336: option.
1.1 jsing 3337: For compatibility,
1.63 jmc 3338: .Cm encrypt_rsa_key
1.1 jsing 3339: is an equivalent option.
1.63 jmc 3340: .It Cm input_password | output_password
3341: The passwords for the input private key file (if present)
3342: and the output private key file (if one will be created).
1.1 jsing 3343: The command line options
3344: .Fl passin
3345: and
3346: .Fl passout
3347: override the configuration file values.
1.63 jmc 3348: .It Cm oid_file
3349: A file containing additional OBJECT IDENTIFIERS.
1.1 jsing 3350: Each line of the file should consist of the numerical form of the
3351: object identifier, followed by whitespace, then the short name followed
3352: by whitespace and finally the long name.
1.63 jmc 3353: .It Cm oid_section
3354: Specify a section in the configuration file containing extra
1.1 jsing 3355: object identifiers.
3356: Each line should consist of the short name of the
3357: object identifier followed by
3358: .Sq =
3359: and the numerical form.
3360: The short and long names are the same when this option is used.
1.63 jmc 3361: .It Cm prompt
3362: If set to
3363: .Qq no ,
3364: it disables prompting of certificate fields
1.1 jsing 3365: and just takes values from the config file directly.
3366: It also changes the expected format of the
1.63 jmc 3367: .Cm distinguished_name
1.1 jsing 3368: and
1.63 jmc 3369: .Cm attributes
1.1 jsing 3370: sections.
1.63 jmc 3371: .It Cm req_extensions
3372: The configuration file section containing a list of
1.1 jsing 3373: extensions to add to the certificate request.
3374: It can be overridden by the
3375: .Fl reqexts
1.63 jmc 3376: option.
3377: .It Cm string_mask
3378: Limit the string types for encoding certain fields.
1.1 jsing 3379: The following values may be used, limiting strings to the indicated types:
3380: .Bl -tag -width "MASK:number"
1.63 jmc 3381: .It Cm utf8only
3382: UTF8String.
1.1 jsing 3383: This is the default, as recommended by PKIX in RFC 2459.
1.63 jmc 3384: .It Cm default
3385: PrintableString, IA5String, T61String, BMPString, UTF8String.
3386: .It Cm pkix
3387: PrintableString, IA5String, BMPString, UTF8String.
3388: Inspired by the PKIX recommendation in RFC 2459 for certificates
3389: generated before 2004, but differs by also permitting IA5String.
3390: .It Cm nombstr
3391: PrintableString, IA5String, T61String, UniversalString.
3392: A workaround for some ancient software that had problems
3393: with the variable-sized BMPString and UTF8String types.
1.1 jsing 3394: .It Cm MASK : Ns Ar number
1.63 jmc 3395: An explicit bitmask of permitted types, where
1.1 jsing 3396: .Ar number
3397: is a C-style hex, decimal, or octal number that's a bit-wise OR of
3398: .Dv B_ASN1_*
3399: values from
3400: .In openssl/asn1.h .
3401: .El
1.63 jmc 3402: .It Cm utf8
3403: If set to
3404: .Qq yes ,
1.72 jmc 3405: field values are interpreted as UTF8 strings.
1.63 jmc 3406: .It Cm x509_extensions
3407: The configuration file section containing a list of
1.1 jsing 3408: extensions to add to a certificate generated when the
3409: .Fl x509
3410: switch is used.
3411: It can be overridden by the
3412: .Fl extensions
1.72 jmc 3413: command line switch.
1.1 jsing 3414: .El
1.63 jmc 3415: .Pp
1.1 jsing 3416: There are two separate formats for the distinguished name and attribute
3417: sections.
3418: If the
3419: .Fl prompt
3420: option is set to
1.63 jmc 3421: .Qq no ,
1.72 jmc 3422: then these sections just consist of field names and values.
3423: If the
1.1 jsing 3424: .Fl prompt
3425: option is absent or not set to
1.63 jmc 3426: .Qq no ,
1.72 jmc 3427: then the file contains field prompting information of the form:
1.1 jsing 3428: .Bd -unfilled -offset indent
3429: fieldName="prompt"
3430: fieldName_default="default field value"
3431: fieldName_min= 2
3432: fieldName_max= 4
3433: .Ed
3434: .Pp
3435: .Qq fieldName
3436: is the field name being used, for example
1.63 jmc 3437: .Cm commonName
3438: (or CN).
1.1 jsing 3439: The
3440: .Qq prompt
3441: string is used to ask the user to enter the relevant details.
3442: If the user enters nothing, the default value is used;
3443: if no default value is present, the field is omitted.
3444: A field can still be omitted if a default value is present,
3445: if the user just enters the
3446: .Sq \&.
3447: character.
3448: .Pp
3449: The number of characters entered must be between the
1.63 jmc 3450: fieldName_min and fieldName_max limits:
1.1 jsing 3451: there may be additional restrictions based on the field being used
3452: (for example
1.63 jmc 3453: .Cm countryName
1.1 jsing 3454: can only ever be two characters long and must fit in a
1.63 jmc 3455: .Cm PrintableString ) .
1.1 jsing 3456: .Pp
3457: Some fields (such as
1.63 jmc 3458: .Cm organizationName )
1.1 jsing 3459: can be used more than once in a DN.
3460: This presents a problem because configuration files will
3461: not recognize the same name occurring twice.
3462: To avoid this problem, if the
1.63 jmc 3463: .Cm fieldName
1.1 jsing 3464: contains some characters followed by a full stop, they will be ignored.
3465: So, for example, a second
1.63 jmc 3466: .Cm organizationName
1.1 jsing 3467: can be input by calling it
3468: .Qq 1.organizationName .
3469: .Pp
3470: The actual permitted field names are any object identifier short or
3471: long names.
3472: These are compiled into
1.63 jmc 3473: .Nm openssl
1.1 jsing 3474: and include the usual values such as
1.63 jmc 3475: .Cm commonName , countryName , localityName , organizationName ,
1.89 jmc 3476: .Cm organizationalUnitName , stateOrProvinceName .
1.1 jsing 3477: Additionally,
1.63 jmc 3478: .Cm emailAddress
1.1 jsing 3479: is included as well as
1.63 jmc 3480: .Cm name , surname , givenName , initials
1.1 jsing 3481: and
1.63 jmc 3482: .Cm dnQualifier .
1.1 jsing 3483: .Pp
3484: Additional object identifiers can be defined with the
1.63 jmc 3485: .Cm oid_file
1.1 jsing 3486: or
1.63 jmc 3487: .Cm oid_section
1.1 jsing 3488: options in the configuration file.
3489: Any additional fields will be treated as though they were a
1.63 jmc 3490: .Cm DirectoryString .
1.1 jsing 3491: .Sh RSA
1.114 jmc 3492: .Bl -hang -width "openssl rsa"
3493: .It Nm openssl rsa
3494: .Bk -words
1.64 jmc 3495: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 3496: .Op Fl check
3497: .Op Fl in Ar file
1.108 inoguchi 3498: .Op Fl inform Cm der | net | pem | pvk
1.1 jsing 3499: .Op Fl modulus
3500: .Op Fl noout
3501: .Op Fl out Ar file
1.108 inoguchi 3502: .Op Fl outform Cm der | net | pem | pvk
1.1 jsing 3503: .Op Fl passin Ar arg
3504: .Op Fl passout Ar arg
3505: .Op Fl pubin
3506: .Op Fl pubout
1.108 inoguchi 3507: .Op Fl pvk-none | pvk-strong | pvk-weak
3508: .Op Fl RSAPublicKey_in
3509: .Op Fl RSAPublicKey_out
1.1 jsing 3510: .Op Fl sgckey
3511: .Op Fl text
1.114 jmc 3512: .Ek
3513: .El
1.1 jsing 3514: .Pp
3515: The
3516: .Nm rsa
3517: command processes RSA keys.
3518: They can be converted between various forms and their components printed out.
1.64 jmc 3519: .Nm rsa
3520: uses the traditional
1.1 jsing 3521: .Nm SSLeay
3522: compatible format for private key encryption:
3523: newer applications should use the more secure PKCS#8 format using the
3524: .Nm pkcs8
3525: utility.
3526: .Pp
3527: The options are as follows:
3528: .Bl -tag -width Ds
1.64 jmc 3529: .It Fl aes128 | aes192 | aes256 | des | des3
3530: Encrypt the private key with the AES, DES,
1.1 jsing 3531: or the triple DES ciphers, respectively, before outputting it.
3532: A pass phrase is prompted for.
3533: If none of these options are specified, the key is written in plain text.
3534: This means that using the
3535: .Nm rsa
3536: utility to read in an encrypted key with no encryption option can be used
3537: to remove the pass phrase from a key, or by setting the encryption options
3538: it can be used to add or change the pass phrase.
3539: These options can only be used with PEM format output files.
3540: .It Fl check
1.64 jmc 3541: Check the consistency of an RSA private key.
1.1 jsing 3542: .It Fl in Ar file
1.64 jmc 3543: The input file to read from,
3544: or standard input if not specified.
1.1 jsing 3545: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 3546: .It Fl inform Cm der | net | pem | pvk
1.64 jmc 3547: The input format.
1.1 jsing 3548: .It Fl noout
1.64 jmc 3549: Do not output the encoded version of the key.
1.1 jsing 3550: .It Fl modulus
1.64 jmc 3551: Print the value of the modulus of the key.
1.1 jsing 3552: .It Fl out Ar file
1.64 jmc 3553: The output file to write to,
3554: or standard output if not specified.
1.108 inoguchi 3555: .It Fl outform Cm der | net | pem | pvk
1.64 jmc 3556: The output format.
1.1 jsing 3557: .It Fl passin Ar arg
3558: The key password source.
3559: .It Fl passout Ar arg
3560: The output file password source.
3561: .It Fl pubin
1.64 jmc 3562: Read in a public key,
3563: not a private key.
1.1 jsing 3564: .It Fl pubout
1.64 jmc 3565: Output a public key,
3566: not a private key.
3567: Automatically set if the input is a public key.
1.108 inoguchi 3568: .It Xo
3569: .Fl pvk-none | pvk-strong | pvk-weak
3570: .Xc
3571: Enable or disable PVK encoding.
3572: The default is
3573: .Fl pvk-strong .
3574: .It Fl RSAPublicKey_in , RSAPublicKey_out
3575: Same as
3576: .Fl pubin
3577: and
3578: .Fl pubout
3579: except
3580: .Cm RSAPublicKey
3581: format is used instead.
1.1 jsing 3582: .It Fl sgckey
1.64 jmc 3583: Use the modified NET algorithm used with some versions of Microsoft IIS
3584: and SGC keys.
1.1 jsing 3585: .It Fl text
1.64 jmc 3586: Print the public/private key components in plain text.
1.1 jsing 3587: .El
3588: .Sh RSAUTL
1.114 jmc 3589: .Bl -hang -width "openssl rsautl"
3590: .It Nm openssl rsautl
3591: .Bk -words
1.1 jsing 3592: .Op Fl asn1parse
3593: .Op Fl certin
3594: .Op Fl decrypt
3595: .Op Fl encrypt
3596: .Op Fl hexdump
3597: .Op Fl in Ar file
3598: .Op Fl inkey Ar file
1.65 jmc 3599: .Op Fl keyform Cm der | pem
1.100 tb 3600: .Op Fl oaep | pkcs | raw | x931
1.1 jsing 3601: .Op Fl out Ar file
1.100 tb 3602: .Op Fl passin Ar arg
1.1 jsing 3603: .Op Fl pubin
1.100 tb 3604: .Op Fl rev
1.1 jsing 3605: .Op Fl sign
3606: .Op Fl verify
1.114 jmc 3607: .Ek
3608: .El
1.1 jsing 3609: .Pp
3610: The
3611: .Nm rsautl
3612: command can be used to sign, verify, encrypt and decrypt
3613: data using the RSA algorithm.
3614: .Pp
3615: The options are as follows:
3616: .Bl -tag -width Ds
3617: .It Fl asn1parse
3618: Asn1parse the output data; this is useful when combined with the
3619: .Fl verify
3620: option.
3621: .It Fl certin
3622: The input is a certificate containing an RSA public key.
3623: .It Fl decrypt
3624: Decrypt the input data using an RSA private key.
3625: .It Fl encrypt
3626: Encrypt the input data using an RSA public key.
3627: .It Fl hexdump
3628: Hex dump the output data.
3629: .It Fl in Ar file
1.65 jmc 3630: The input to read from,
3631: or standard input if not specified.
1.1 jsing 3632: .It Fl inkey Ar file
1.65 jmc 3633: The input key file; by default an RSA private key.
3634: .It Fl keyform Cm der | pem
1.85 tb 3635: The private key format.
1.65 jmc 3636: The default is
3637: .Cm pem .
1.100 tb 3638: .It Fl oaep | pkcs | raw | x931
1.1 jsing 3639: The padding to use:
1.100 tb 3640: PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
3641: respectively.
1.1 jsing 3642: For signatures, only
3643: .Fl pkcs
3644: and
3645: .Fl raw
3646: can be used.
3647: .It Fl out Ar file
1.65 jmc 3648: The output file to write to,
3649: or standard output if not specified.
1.100 tb 3650: .It Fl passin Ar arg
3651: The key password source.
1.1 jsing 3652: .It Fl pubin
3653: The input file is an RSA public key.
1.100 tb 3654: .It Fl rev
3655: Reverse the order of the input buffer.
1.1 jsing 3656: .It Fl sign
3657: Sign the input data and output the signed result.
3658: This requires an RSA private key.
3659: .It Fl verify
3660: Verify the input data and output the recovered data.
3661: .El
3662: .Sh S_CLIENT
1.114 jmc 3663: .Bl -hang -width "openssl s_client"
3664: .It Nm openssl s_client
3665: .Bk -words
1.1 jsing 3666: .Op Fl 4 | 6
1.110 inoguchi 3667: .Op Fl alpn Ar protocols
1.1 jsing 3668: .Op Fl bugs
3669: .Op Fl CAfile Ar file
3670: .Op Fl CApath Ar directory
3671: .Op Fl cert Ar file
1.110 inoguchi 3672: .Op Fl certform Cm der | pem
1.1 jsing 3673: .Op Fl check_ss_sig
3674: .Op Fl cipher Ar cipherlist
1.66 jmc 3675: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 3676: .Op Fl crl_check
3677: .Op Fl crl_check_all
3678: .Op Fl crlf
3679: .Op Fl debug
1.110 inoguchi 3680: .Op Fl dtls1
1.1 jsing 3681: .Op Fl extended_crl
1.87 jmc 3682: .Op Fl groups
1.110 inoguchi 3683: .Op Fl host Ar host
1.1 jsing 3684: .Op Fl ign_eof
3685: .Op Fl ignore_critical
3686: .Op Fl issuer_checks
3687: .Op Fl key Ar keyfile
1.110 inoguchi 3688: .Op Fl keyform Cm der | pem
3689: .Op Fl keymatexport Ar label
3690: .Op Fl keymatexportlen Ar len
3691: .Op Fl legacy_server_connect
1.1 jsing 3692: .Op Fl msg
1.110 inoguchi 3693: .Op Fl mtu Ar mtu
1.1 jsing 3694: .Op Fl nbio
3695: .Op Fl nbio_test
1.110 inoguchi 3696: .Op Fl no_comp
3697: .Op Fl no_ign_eof
3698: .Op Fl no_legacy_server_connect
1.1 jsing 3699: .Op Fl no_ticket
3700: .Op Fl no_tls1
1.6 guenther 3701: .Op Fl no_tls1_1
3702: .Op Fl no_tls1_2
1.110 inoguchi 3703: .Op Fl pass Ar arg
1.1 jsing 3704: .Op Fl pause
3705: .Op Fl policy_check
1.110 inoguchi 3706: .Op Fl port Ar port
1.1 jsing 3707: .Op Fl prexit
1.11 bluhm 3708: .Op Fl proxy Ar host : Ns Ar port
1.1 jsing 3709: .Op Fl quiet
3710: .Op Fl reconnect
1.5 jsing 3711: .Op Fl servername Ar name
1.110 inoguchi 3712: .Op Fl serverpref
3713: .Op Fl sess_in Ar file
3714: .Op Fl sess_out Ar file
1.1 jsing 3715: .Op Fl showcerts
3716: .Op Fl starttls Ar protocol
3717: .Op Fl state
1.110 inoguchi 3718: .Op Fl status
3719: .Op Fl timeout
1.1 jsing 3720: .Op Fl tls1
1.31 jmc 3721: .Op Fl tls1_1
3722: .Op Fl tls1_2
1.1 jsing 3723: .Op Fl tlsextdebug
1.110 inoguchi 3724: .Op Fl use_srtp Ar profiles
1.1 jsing 3725: .Op Fl verify Ar depth
1.110 inoguchi 3726: .Op Fl verify_return_error
1.1 jsing 3727: .Op Fl x509_strict
1.19 landry 3728: .Op Fl xmpphost Ar host
1.114 jmc 3729: .Ek
3730: .El
1.1 jsing 3731: .Pp
3732: The
3733: .Nm s_client
3734: command implements a generic SSL/TLS client which connects
3735: to a remote host using SSL/TLS.
1.66 jmc 3736: .Pp
3737: If a connection is established with an SSL server, any data received
3738: from the server is displayed and any key presses will be sent to the
3739: server.
3740: When used interactively (which means neither
3741: .Fl quiet
3742: nor
3743: .Fl ign_eof
3744: have been given), the session will be renegotiated if the line begins with an
3745: .Cm R ;
3746: if the line begins with a
3747: .Cm Q
3748: or if end of file is reached, the connection will be closed down.
1.1 jsing 3749: .Pp
3750: The options are as follows:
3751: .Bl -tag -width Ds
3752: .It Fl 4
1.66 jmc 3753: Attempt connections using IPv4 only.
1.1 jsing 3754: .It Fl 6
1.66 jmc 3755: Attempt connections using IPv6 only.
1.110 inoguchi 3756: .It Fl alpn Ar protocols
3757: Enable the Application-Layer Protocol Negotiation.
3758: .Ar protocols
3759: is a comma-separated list of protocol names that the client should advertise
3760: support for.
1.1 jsing 3761: .It Fl bugs
1.66 jmc 3762: Enable various workarounds for buggy implementations.
1.1 jsing 3763: .It Fl CAfile Ar file
3764: A
3765: .Ar file
3766: containing trusted certificates to use during server authentication
3767: and to use when attempting to build the client certificate chain.
3768: .It Fl CApath Ar directory
3769: The
3770: .Ar directory
3771: to use for server certificate verification.
3772: This directory must be in
3773: .Qq hash format ;
3774: see
3775: .Fl verify
3776: for more information.
3777: These are also used when building the client certificate chain.
3778: .It Fl cert Ar file
3779: The certificate to use, if one is requested by the server.
3780: The default is not to use a certificate.
1.110 inoguchi 3781: .It Fl certform Cm der | pem
3782: The certificate format.
3783: The default is
3784: .Cm pem .
1.1 jsing 3785: .It Xo
3786: .Fl check_ss_sig ,
3787: .Fl crl_check ,
3788: .Fl crl_check_all ,
3789: .Fl extended_crl ,
3790: .Fl ignore_critical ,
3791: .Fl issuer_checks ,
3792: .Fl policy_check ,
3793: .Fl x509_strict
3794: .Xc
3795: Set various certificate chain validation options.
3796: See the
1.66 jmc 3797: .Nm verify
1.1 jsing 3798: command for details.
3799: .It Fl cipher Ar cipherlist
1.66 jmc 3800: Modify the cipher list sent by the client.
1.1 jsing 3801: Although the server determines which cipher suite is used, it should take
3802: the first supported cipher in the list sent by the client.
3803: See the
1.66 jmc 3804: .Nm ciphers
3805: command for more information.
3806: .It Fl connect Ar host Ns Op : Ns Ar port
3807: The
1.1 jsing 3808: .Ar host
1.66 jmc 3809: and
1.1 jsing 3810: .Ar port
3811: to connect to.
3812: If not specified, an attempt is made to connect to the local host
3813: on port 4433.
3814: Alternatively, the host and port pair may be separated using a forward-slash
1.66 jmc 3815: character,
3816: which is useful for numeric IPv6 addresses.
1.1 jsing 3817: .It Fl crlf
1.66 jmc 3818: Translate a line feed from the terminal into CR+LF,
3819: as required by some servers.
1.1 jsing 3820: .It Fl debug
1.66 jmc 3821: Print extensive debugging information, including a hex dump of all traffic.
1.110 inoguchi 3822: .It Fl dtls1
3823: Permit only DTLS1.0.
1.87 jmc 3824: .It Fl groups Ar ecgroups
3825: Specify a colon-separated list of permitted EC curve groups.
1.110 inoguchi 3826: .It Fl host Ar host
3827: The
3828: .Ar host
3829: to connect to.
3830: The default is localhost.
1.1 jsing 3831: .It Fl ign_eof
1.66 jmc 3832: Inhibit shutting down the connection when end of file is reached in the input.
1.1 jsing 3833: .It Fl key Ar keyfile
3834: The private key to use.
3835: If not specified, the certificate file will be used.
1.110 inoguchi 3836: .It Fl keyform Cm der | pem
3837: The private key format.
3838: The default is
3839: .Cm pem .
3840: .It Fl keymatexport Ar label
3841: Export keying material using label.
3842: .It Fl keymatexportlen Ar len
3843: Export len bytes of keying material (default 20).
3844: .It Fl legacy_server_connect , no_legacy_server_connect
3845: Allow or disallow initial connection to servers that don't support RI.
1.1 jsing 3846: .It Fl msg
3847: Show all protocol messages with hex dump.
1.110 inoguchi 3848: .It Fl mtu Ar mtu
3849: Set the link layer MTU.
1.1 jsing 3850: .It Fl nbio
1.66 jmc 3851: Turn on non-blocking I/O.
1.1 jsing 3852: .It Fl nbio_test
1.66 jmc 3853: Test non-blocking I/O.
1.110 inoguchi 3854: .It Fl no_ign_eof
3855: Shut down the connection when end of file is reached in the input.
3856: Can be used to override the implicit
3857: .Fl ign_eof
3858: after
3859: .Fl quiet .
1.31 jmc 3860: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.66 jmc 3861: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 3862: .It Fl no_ticket
3863: Disable RFC 4507 session ticket support.
1.110 inoguchi 3864: .It Fl pass Ar arg
3865: The private key password source.
1.1 jsing 3866: .It Fl pause
1.66 jmc 3867: Pause 1 second between each read and write call.
1.110 inoguchi 3868: .It Fl port Ar port
3869: The
3870: .Ar port
3871: to connect to.
3872: The default is 4433.
1.1 jsing 3873: .It Fl prexit
3874: Print session information when the program exits.
3875: This will always attempt
3876: to print out information even if the connection fails.
3877: Normally, information will only be printed out once if the connection succeeds.
3878: This option is useful because the cipher in use may be renegotiated
3879: or the connection may fail because a client certificate is required or is
3880: requested only after an attempt is made to access a certain URL.
1.66 jmc 3881: Note that the output produced by this option is not always accurate
3882: because a connection might never have been established.
1.11 bluhm 3883: .It Fl proxy Ar host : Ns Ar port
3884: Use the HTTP proxy at
3885: .Ar host
3886: and
3887: .Ar port .
3888: The connection to the proxy is done in cleartext and the
3889: .Fl connect
3890: argument is given to the proxy.
3891: If not specified, localhost is used as final destination.
3892: After that, switch the connection through the proxy to the destination
3893: to TLS.
1.1 jsing 3894: .It Fl quiet
3895: Inhibit printing of session and certificate information.
3896: This implicitly turns on
3897: .Fl ign_eof
3898: as well.
3899: .It Fl reconnect
1.66 jmc 3900: Reconnect to the same server 5 times using the same session ID; this can
1.1 jsing 3901: be used as a test that session caching is working.
1.5 jsing 3902: .It Fl servername Ar name
3903: Include the TLS Server Name Indication (SNI) extension in the ClientHello
3904: message, using the specified server
3905: .Ar name .
1.1 jsing 3906: .It Fl showcerts
3907: Display the whole server certificate chain: normally only the server
3908: certificate itself is displayed.
1.110 inoguchi 3909: .It Fl serverpref
3910: Use the server's cipher preferences.
3911: .It Fl sess_in Ar file
3912: Load TLS session from file.
3913: The client will attempt to resume a connection from this session.
3914: .It Fl sess_out Ar file
3915: Output TLS session to file.
1.1 jsing 3916: .It Fl starttls Ar protocol
1.66 jmc 3917: Send the protocol-specific messages to switch to TLS for communication.
1.1 jsing 3918: .Ar protocol
3919: is a keyword for the intended protocol.
3920: Currently, the supported keywords are
3921: .Qq ftp ,
3922: .Qq imap ,
3923: .Qq smtp ,
3924: .Qq pop3 ,
3925: and
3926: .Qq xmpp .
3927: .It Fl state
1.66 jmc 3928: Print the SSL session states.
1.110 inoguchi 3929: .It Fl status
3930: Send a certificate status request to the server (OCSP stapling).
3931: The server response (if any) is printed out.
3932: .It Fl timeout
3933: Enable send/receive timeout on DTLS connections.
1.31 jmc 3934: .It Fl tls1 | tls1_1 | tls1_2
3935: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.1 jsing 3936: .It Fl tlsextdebug
1.66 jmc 3937: Print a hex dump of any TLS extensions received from the server.
1.110 inoguchi 3938: .It Fl use_srtp Ar profiles
3939: Offer SRTP key management with a colon-separated profile list.
1.1 jsing 3940: .It Fl verify Ar depth
1.66 jmc 3941: Turn on server certificate verification,
3942: with a maximum length of
3943: .Ar depth .
1.1 jsing 3944: Currently the verify operation continues after errors so all the problems
3945: with a certificate chain can be seen.
3946: As a side effect the connection will never fail due to a server
3947: certificate verify failure.
1.110 inoguchi 3948: .It Fl verify_return_error
3949: Return verification error.
1.19 landry 3950: .It Fl xmpphost Ar hostname
1.66 jmc 3951: When used with
1.19 landry 3952: .Fl starttls Ar xmpp ,
1.66 jmc 3953: specify the host for the "to" attribute of the stream element.
1.19 landry 3954: If this option is not specified then the host specified with
3955: .Fl connect
3956: will be used.
1.1 jsing 3957: .El
3958: .Sh S_SERVER
1.114 jmc 3959: .Bl -hang -width "openssl s_server"
3960: .It Nm openssl s_server
3961: .Bk -words
1.1 jsing 3962: .Op Fl accept Ar port
1.111 inoguchi 3963: .Op Fl alpn Ar protocols
1.1 jsing 3964: .Op Fl bugs
3965: .Op Fl CAfile Ar file
3966: .Op Fl CApath Ar directory
3967: .Op Fl cert Ar file
1.111 inoguchi 3968: .Op Fl cert2 Ar file
3969: .Op Fl certform Cm der | pem
1.1 jsing 3970: .Op Fl cipher Ar cipherlist
3971: .Op Fl context Ar id
3972: .Op Fl crl_check
3973: .Op Fl crl_check_all
3974: .Op Fl crlf
3975: .Op Fl dcert Ar file
1.111 inoguchi 3976: .Op Fl dcertform Cm der | pem
1.1 jsing 3977: .Op Fl debug
3978: .Op Fl dhparam Ar file
3979: .Op Fl dkey Ar file
1.111 inoguchi 3980: .Op Fl dkeyform Cm der | pem
3981: .Op Fl dpass Ar arg
3982: .Op Fl dtls1
1.1 jsing 3983: .Op Fl HTTP
3984: .Op Fl id_prefix Ar arg
3985: .Op Fl key Ar keyfile
1.111 inoguchi 3986: .Op Fl key2 Ar keyfile
3987: .Op Fl keyform Cm der | pem
3988: .Op Fl keymatexport Ar label
3989: .Op Fl keymatexportlen Ar len
1.1 jsing 3990: .Op Fl msg
1.111 inoguchi 3991: .Op Fl mtu Ar mtu
3992: .Op Fl named_curve Ar arg
1.1 jsing 3993: .Op Fl nbio
3994: .Op Fl nbio_test
1.111 inoguchi 3995: .Op Fl no_cache
1.1 jsing 3996: .Op Fl no_dhe
1.111 inoguchi 3997: .Op Fl no_ecdhe
3998: .Op Fl no_ticket
1.1 jsing 3999: .Op Fl no_tls1
1.6 guenther 4000: .Op Fl no_tls1_1
4001: .Op Fl no_tls1_2
1.1 jsing 4002: .Op Fl no_tmp_rsa
4003: .Op Fl nocert
1.111 inoguchi 4004: .Op Fl pass Ar arg
1.1 jsing 4005: .Op Fl quiet
1.111 inoguchi 4006: .Op Fl servername Ar name
4007: .Op Fl servername_fatal
1.1 jsing 4008: .Op Fl serverpref
4009: .Op Fl state
1.111 inoguchi 4010: .Op Fl status
4011: .Op Fl status_timeout Ar nsec
4012: .Op Fl status_url Ar url
4013: .Op Fl status_verbose
4014: .Op Fl timeout
1.1 jsing 4015: .Op Fl tls1
1.31 jmc 4016: .Op Fl tls1_1
4017: .Op Fl tls1_2
1.111 inoguchi 4018: .Op Fl tlsextdebug
4019: .Op Fl use_srtp Ar profiles
1.1 jsing 4020: .Op Fl Verify Ar depth
4021: .Op Fl verify Ar depth
1.111 inoguchi 4022: .Op Fl verify_return_error
1.1 jsing 4023: .Op Fl WWW
4024: .Op Fl www
1.114 jmc 4025: .Ek
4026: .El
1.1 jsing 4027: .Pp
4028: The
4029: .Nm s_server
4030: command implements a generic SSL/TLS server which listens
4031: for connections on a given port using SSL/TLS.
4032: .Pp
1.67 jmc 4033: If a connection request is established with a client and neither the
4034: .Fl www
4035: nor the
4036: .Fl WWW
4037: option has been used, then any data received
4038: from the client is displayed and any key presses are sent to the client.
4039: Certain single letter commands perform special operations:
4040: .Pp
4041: .Bl -tag -width "XXXX" -compact
4042: .It Ic P
4043: Send plain text, which should cause the client to disconnect.
4044: .It Ic Q
4045: End the current SSL connection and exit.
4046: .It Ic q
4047: End the current SSL connection, but still accept new connections.
4048: .It Ic R
4049: Renegotiate the SSL session and request a client certificate.
4050: .It Ic r
4051: Renegotiate the SSL session.
4052: .It Ic S
4053: Print out some session cache status information.
4054: .El
4055: .Pp
1.1 jsing 4056: The options are as follows:
4057: .Bl -tag -width Ds
1.113 inoguchi 4058: .It Fl accept Ar port
1.67 jmc 4059: Listen on TCP
1.1 jsing 4060: .Ar port
1.67 jmc 4061: for connections.
4062: The default is port 4433.
1.111 inoguchi 4063: .It Fl alpn Ar protocols
4064: Enable the Application-Layer Protocol Negotiation.
4065: .Ar protocols
4066: is a comma-separated list of supported protocol names.
1.1 jsing 4067: .It Fl bugs
1.67 jmc 4068: Enable various workarounds for buggy implementations.
1.1 jsing 4069: .It Fl CAfile Ar file
1.67 jmc 4070: A
4071: .Ar file
4072: containing trusted certificates to use during client authentication
1.1 jsing 4073: and to use when attempting to build the server certificate chain.
4074: The list is also used in the list of acceptable client CAs passed to the
4075: client when a certificate is requested.
4076: .It Fl CApath Ar directory
4077: The
4078: .Ar directory
4079: to use for client certificate verification.
4080: This directory must be in
4081: .Qq hash format ;
4082: see
4083: .Fl verify
4084: for more information.
4085: These are also used when building the server certificate chain.
4086: .It Fl cert Ar file
1.67 jmc 4087: The certificate to use: most server's cipher suites require the use of a
4088: certificate and some require a certificate with a certain public key type.
4089: For example, the DSS cipher suites require a certificate containing a DSS
4090: (DSA) key.
1.1 jsing 4091: If not specified, the file
4092: .Pa server.pem
4093: will be used.
1.111 inoguchi 4094: .It Fl cert2 Ar file
4095: The certificate to use for servername.
4096: .It Fl certform Cm der | pem
4097: The certificate format.
4098: The default is
4099: .Cm pem .
1.1 jsing 4100: .It Fl cipher Ar cipherlist
1.67 jmc 4101: Modify the cipher list used by the server.
1.1 jsing 4102: This allows the cipher list used by the server to be modified.
4103: When the client sends a list of supported ciphers, the first client cipher
4104: also included in the server list is used.
4105: Because the client specifies the preference order, the order of the server
4106: cipherlist is irrelevant.
4107: See the
1.67 jmc 4108: .Nm ciphers
4109: command for more information.
1.1 jsing 4110: .It Fl context Ar id
1.67 jmc 4111: Set the SSL context ID.
1.1 jsing 4112: It can be given any string value.
4113: .It Fl crl_check , crl_check_all
4114: Check the peer certificate has not been revoked by its CA.
4115: The CRLs are appended to the certificate file.
4116: .Fl crl_check_all
1.67 jmc 4117: checks all CRLs of all CAs in the chain.
1.1 jsing 4118: .It Fl crlf
1.67 jmc 4119: Translate a line feed from the terminal into CR+LF.
1.1 jsing 4120: .It Fl dcert Ar file , Fl dkey Ar file
4121: Specify an additional certificate and private key; these behave in the
4122: same manner as the
4123: .Fl cert
4124: and
4125: .Fl key
4126: options except there is no default if they are not specified
1.67 jmc 4127: (no additional certificate or key is used).
1.1 jsing 4128: By using RSA and DSS certificates and keys,
4129: a server can support clients which only support RSA or DSS cipher suites
4130: by using an appropriate certificate.
1.111 inoguchi 4131: .It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg
4132: Additional certificate and private key format, and private key password source,
4133: respectively.
1.1 jsing 4134: .It Fl debug
1.67 jmc 4135: Print extensive debugging information, including a hex dump of all traffic.
1.1 jsing 4136: .It Fl dhparam Ar file
4137: The DH parameter file to use.
4138: The ephemeral DH cipher suites generate keys
4139: using a set of DH parameters.
4140: If not specified, an attempt is made to
4141: load the parameters from the server certificate file.
4142: If this fails, a static set of parameters hard coded into the
4143: .Nm s_server
4144: program will be used.
1.111 inoguchi 4145: .It Fl dtls1
4146: Permit only DTLS1.0.
1.1 jsing 4147: .It Fl HTTP
1.67 jmc 4148: Emulate a simple web server.
4149: Pages are resolved relative to the current directory.
4150: For example if the URL
1.1 jsing 4151: .Pa https://myhost/page.html
4152: is requested, the file
4153: .Pa ./page.html
4154: will be loaded.
4155: The files loaded are assumed to contain a complete and correct HTTP
4156: response (lines that are part of the HTTP response line and headers
4157: must end with CRLF).
4158: .It Fl id_prefix Ar arg
4159: Generate SSL/TLS session IDs prefixed by
4160: .Ar arg .
4161: This is mostly useful for testing any SSL/TLS code
1.81 jmc 4162: that wish to deal with multiple servers,
4163: when each of which might be generating a unique range of session IDs.
1.1 jsing 4164: .It Fl key Ar keyfile
4165: The private key to use.
4166: If not specified, the certificate file will be used.
1.111 inoguchi 4167: .It Fl key2 Ar keyfile
4168: The private key to use for servername.
4169: .It Fl keyform Cm der | pem
4170: The private key format.
4171: The default is
4172: .Cm pem .
4173: .It Fl keymatexport Ar label
4174: Export keying material using label.
4175: .It Fl keymatexportlen Ar len
4176: Export len bytes of keying material (default 20).
1.1 jsing 4177: .It Fl msg
4178: Show all protocol messages with hex dump.
1.111 inoguchi 4179: .It Fl mtu Ar mtu
4180: Set the link layer MTU.
4181: .It Fl named_curve Ar arg
4182: Specify the elliptic curve name to use for ephemeral ECDH keys.
1.1 jsing 4183: .It Fl nbio
1.67 jmc 4184: Turn on non-blocking I/O.
1.1 jsing 4185: .It Fl nbio_test
1.67 jmc 4186: Test non-blocking I/O.
1.111 inoguchi 4187: .It Fl no_cache
4188: Disable session caching.
1.1 jsing 4189: .It Fl no_dhe
1.67 jmc 4190: Disable ephemeral DH cipher suites.
1.111 inoguchi 4191: .It Fl no_ecdhe
4192: Disable ephemeral ECDH cipher suites.
4193: .It Fl no_ticket
4194: Disable RFC 4507 session ticket support.
1.31 jmc 4195: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.67 jmc 4196: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 4197: .It Fl no_tmp_rsa
1.67 jmc 4198: Disable temporary RSA key generation.
1.1 jsing 4199: .It Fl nocert
1.67 jmc 4200: Do not use a certificate.
1.1 jsing 4201: This restricts the cipher suites available to the anonymous ones
1.67 jmc 4202: (currently just anonymous DH).
1.111 inoguchi 4203: .It Fl pass Ar arg
4204: The private key password source.
1.1 jsing 4205: .It Fl quiet
4206: Inhibit printing of session and certificate information.
1.111 inoguchi 4207: .It Fl servername Ar name
4208: Set the TLS Server Name Indication (SNI) extension with
4209: .Ar name .
4210: .It Fl servername_fatal
4211: Send fatal alert if servername does not match.
4212: The default is warning alert.
1.1 jsing 4213: .It Fl serverpref
4214: Use server's cipher preferences.
4215: .It Fl state
1.67 jmc 4216: Print the SSL session states.
1.111 inoguchi 4217: .It Fl status
4218: Enables certificate status request support (OCSP stapling).
4219: .It Fl status_timeout Ar nsec
4220: Sets the timeout for OCSP response in seconds.
4221: .It Fl status_url Ar url
4222: Sets a fallback responder URL to use if no responder URL is present in the
4223: server certificate.
4224: Without this option, an error is returned if the server certificate does not
4225: contain a responder address.
4226: .It Fl status_verbose
4227: Enables certificate status request support (OCSP stapling) and gives a verbose
4228: printout of the OCSP response.
4229: .It Fl timeout
4230: Enable send/receive timeout on DTLS connections.
1.31 jmc 4231: .It Fl tls1 | tls1_1 | tls1_2
4232: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.111 inoguchi 4233: .It Fl tlsextdebug
4234: Print a hex dump of any TLS extensions received from the server.
4235: .It Fl use_srtp Ar profiles
4236: Offer SRTP key management with a colon-separated profile list.
4237: .It Fl verify_return_error
4238: Return verification error.
1.1 jsing 4239: .It Fl WWW
1.67 jmc 4240: Emulate a simple web server.
4241: Pages are resolved relative to the current directory.
4242: For example if the URL
1.1 jsing 4243: .Pa https://myhost/page.html
4244: is requested, the file
4245: .Pa ./page.html
4246: will be loaded.
4247: .It Fl www
1.67 jmc 4248: Send a status message to the client when it connects,
4249: including information about the ciphers used and various session parameters.
1.1 jsing 4250: The output is in HTML format so this option will normally be used with a
4251: web browser.
4252: .It Fl Verify Ar depth , Fl verify Ar depth
1.67 jmc 4253: Request a certificate chain from the client,
4254: with a maximum length of
4255: .Ar depth .
4256: With
4257: .Fl Verify ,
4258: the client must supply a certificate or an error occurs;
4259: with
4260: .Fl verify ,
4261: a certificate is requested but the client does not have to send one.
1.1 jsing 4262: .El
4263: .Sh S_TIME
1.114 jmc 4264: .Bl -hang -width "openssl s_time"
4265: .It Nm openssl s_time
4266: .Bk -words
1.1 jsing 4267: .Op Fl bugs
4268: .Op Fl CAfile Ar file
4269: .Op Fl CApath Ar directory
4270: .Op Fl cert Ar file
4271: .Op Fl cipher Ar cipherlist
1.68 jmc 4272: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4273: .Op Fl key Ar keyfile
4274: .Op Fl nbio
4275: .Op Fl new
1.20 lteo 4276: .Op Fl no_shutdown
1.1 jsing 4277: .Op Fl reuse
4278: .Op Fl time Ar seconds
4279: .Op Fl verify Ar depth
4280: .Op Fl www Ar page
1.114 jmc 4281: .Ek
4282: .El
1.1 jsing 4283: .Pp
4284: The
1.68 jmc 4285: .Nm s_time
1.1 jsing 4286: command implements a generic SSL/TLS client which connects to a
4287: remote host using SSL/TLS.
4288: It can request a page from the server and includes
4289: the time to transfer the payload data in its timing measurements.
4290: It measures the number of connections within a given timeframe,
4291: the amount of data transferred
4292: .Pq if any ,
4293: and calculates the average time spent for one connection.
4294: .Pp
4295: The options are as follows:
4296: .Bl -tag -width Ds
4297: .It Fl bugs
1.68 jmc 4298: Enable various workarounds for buggy implementations.
1.1 jsing 4299: .It Fl CAfile Ar file
1.68 jmc 4300: A
4301: .Ar file
4302: containing trusted certificates to use during server authentication
1.1 jsing 4303: and to use when attempting to build the client certificate chain.
4304: .It Fl CApath Ar directory
4305: The directory to use for server certificate verification.
4306: This directory must be in
4307: .Qq hash format ;
4308: see
4309: .Nm verify
4310: for more information.
4311: These are also used when building the client certificate chain.
4312: .It Fl cert Ar file
4313: The certificate to use, if one is requested by the server.
4314: The default is not to use a certificate.
4315: .It Fl cipher Ar cipherlist
1.68 jmc 4316: Modify the cipher list sent by the client.
1.1 jsing 4317: Although the server determines which cipher suite is used,
4318: it should take the first supported cipher in the list sent by the client.
4319: See the
4320: .Nm ciphers
4321: command for more information.
1.68 jmc 4322: .It Fl connect Ar host Ns Op : Ns Ar port
4323: The host and port to connect to.
1.1 jsing 4324: .It Fl key Ar keyfile
4325: The private key to use.
4326: If not specified, the certificate file will be used.
4327: .It Fl nbio
1.68 jmc 4328: Turn on non-blocking I/O.
1.1 jsing 4329: .It Fl new
1.68 jmc 4330: Perform the timing test using a new session ID for each connection.
1.1 jsing 4331: If neither
4332: .Fl new
4333: nor
4334: .Fl reuse
4335: are specified,
4336: they are both on by default and executed in sequence.
1.20 lteo 4337: .It Fl no_shutdown
1.21 jmc 4338: Shut down the connection without sending a
1.68 jmc 4339: .Qq close notify
1.20 lteo 4340: shutdown alert to the server.
1.1 jsing 4341: .It Fl reuse
1.68 jmc 4342: Perform the timing test using the same session ID for each connection.
1.1 jsing 4343: If neither
4344: .Fl new
4345: nor
4346: .Fl reuse
4347: are specified,
4348: they are both on by default and executed in sequence.
4349: .It Fl time Ar seconds
1.68 jmc 4350: Limit
1.1 jsing 4351: .Nm s_time
1.68 jmc 4352: benchmarks to the number of
4353: .Ar seconds .
1.1 jsing 4354: The default is 30 seconds.
4355: .It Fl verify Ar depth
1.68 jmc 4356: Turn on server certificate verification,
4357: with a maximum length of
4358: .Ar depth .
1.1 jsing 4359: Currently the verify operation continues after errors, so all the problems
4360: with a certificate chain can be seen.
4361: As a side effect,
4362: the connection will never fail due to a server certificate verify failure.
4363: .It Fl www Ar page
1.68 jmc 4364: The page to GET from the server.
1.1 jsing 4365: A value of
4366: .Sq /
4367: gets the index.htm[l] page.
4368: If this parameter is not specified,
4369: .Nm s_time
4370: will only perform the handshake to establish SSL connections
4371: but not transfer any payload data.
4372: .El
4373: .Sh SESS_ID
1.114 jmc 4374: .Bl -hang -width "openssl sess_id"
4375: .It Nm openssl sess_id
4376: .Bk -words
1.1 jsing 4377: .Op Fl cert
4378: .Op Fl context Ar ID
4379: .Op Fl in Ar file
1.69 jmc 4380: .Op Fl inform Cm der | pem
1.1 jsing 4381: .Op Fl noout
4382: .Op Fl out Ar file
1.69 jmc 4383: .Op Fl outform Cm der | pem
1.1 jsing 4384: .Op Fl text
1.114 jmc 4385: .Ek
4386: .El
1.1 jsing 4387: .Pp
4388: The
4389: .Nm sess_id
4390: program processes the encoded version of the SSL session structure and
4391: optionally prints out SSL session details
1.69 jmc 4392: (for example the SSL session master key)
1.72 jmc 4393: in human-readable format.
1.1 jsing 4394: .Pp
4395: The options are as follows:
4396: .Bl -tag -width Ds
4397: .It Fl cert
4398: If a certificate is present in the session,
4399: it will be output using this option;
4400: if the
4401: .Fl text
4402: option is also present, then it will be printed out in text form.
4403: .It Fl context Ar ID
1.69 jmc 4404: Set the session
1.1 jsing 4405: .Ar ID .
1.69 jmc 4406: The ID can be any string of characters.
1.1 jsing 4407: .It Fl in Ar file
1.69 jmc 4408: The input file to read from,
4409: or standard input if not specified.
4410: .It Fl inform Cm der | pem
4411: The input format.
4412: .Cm der
1.84 jmc 4413: uses an ASN.1 DER-encoded format containing session details.
1.1 jsing 4414: The precise format can vary from one version to the next.
1.69 jmc 4415: .Cm pem
4416: is the default format: it consists of the DER
1.1 jsing 4417: format base64-encoded with additional header and footer lines.
4418: .It Fl noout
1.69 jmc 4419: Do not output the encoded version of the session.
1.1 jsing 4420: .It Fl out Ar file
1.69 jmc 4421: The output file to write to,
4422: or standard output if not specified.
4423: .It Fl outform Cm der | pem
4424: The output format.
1.1 jsing 4425: .It Fl text
1.69 jmc 4426: Print the various public or private key components in plain text,
4427: in addition to the encoded version.
1.1 jsing 4428: .El
4429: .Pp
1.69 jmc 4430: The output of
4431: .Nm sess_id
4432: is composed as follows:
1.1 jsing 4433: .Pp
1.69 jmc 4434: .Bl -tag -width "Verify return code " -offset 3n -compact
4435: .It Protocol
4436: The protocol in use.
4437: .It Cipher
4438: The actual raw SSL or TLS cipher code.
4439: .It Session-ID
4440: The SSL session ID, in hex format.
4441: .It Session-ID-ctx
4442: The session ID context, in hex format.
4443: .It Master-Key
4444: The SSL session master key.
4445: .It Key-Arg
1.1 jsing 4446: The key argument; this is only used in SSL v2.
1.69 jmc 4447: .It Start Time
4448: The session start time.
1.1 jsing 4449: .Ux
4450: format.
1.69 jmc 4451: .It Timeout
4452: The timeout, in seconds.
4453: .It Verify return code
4454: The return code when a certificate is verified.
1.1 jsing 4455: .El
4456: .Pp
4457: Since the SSL session output contains the master key, it is possible to read
4458: the contents of an encrypted session using this information.
4459: Therefore appropriate security precautions
4460: should be taken if the information is being output by a
4461: .Qq real
4462: application.
4463: This is, however, strongly discouraged and should only be used for
4464: debugging purposes.
4465: .Sh SMIME
1.114 jmc 4466: .Bl -hang -width "openssl smime"
4467: .It Nm openssl smime
4468: .Bk -words
1.1 jsing 4469: .Oo
4470: .Fl aes128 | aes192 | aes256 | des |
4471: .Fl des3 | rc2-40 | rc2-64 | rc2-128
4472: .Oc
4473: .Op Fl binary
4474: .Op Fl CAfile Ar file
4475: .Op Fl CApath Ar directory
4476: .Op Fl certfile Ar file
4477: .Op Fl check_ss_sig
4478: .Op Fl content Ar file
4479: .Op Fl crl_check
4480: .Op Fl crl_check_all
4481: .Op Fl decrypt
4482: .Op Fl encrypt
4483: .Op Fl extended_crl
4484: .Op Fl from Ar addr
4485: .Op Fl ignore_critical
4486: .Op Fl in Ar file
4487: .Op Fl indef
1.70 jmc 4488: .Op Fl inform Cm der | pem | smime
1.1 jsing 4489: .Op Fl inkey Ar file
4490: .Op Fl issuer_checks
1.112 inoguchi 4491: .Op Fl keyform Cm der | pem
1.1 jsing 4492: .Op Fl md Ar digest
4493: .Op Fl noattr
4494: .Op Fl nocerts
4495: .Op Fl nochain
4496: .Op Fl nodetach
4497: .Op Fl noindef
4498: .Op Fl nointern
4499: .Op Fl nosigs
1.108 inoguchi 4500: .Op Fl nosmimecap
1.1 jsing 4501: .Op Fl noverify
4502: .Op Fl out Ar file
1.70 jmc 4503: .Op Fl outform Cm der | pem | smime
1.1 jsing 4504: .Op Fl passin Ar arg
4505: .Op Fl pk7out
4506: .Op Fl policy_check
4507: .Op Fl recip Ar file
4508: .Op Fl resign
4509: .Op Fl sign
4510: .Op Fl signer Ar file
4511: .Op Fl stream
4512: .Op Fl subject Ar s
4513: .Op Fl text
4514: .Op Fl to Ar addr
4515: .Op Fl verify
4516: .Op Fl x509_strict
4517: .Op Ar cert.pem ...
1.114 jmc 4518: .Ek
4519: .El
1.1 jsing 4520: .Pp
4521: The
4522: .Nm smime
1.70 jmc 4523: command handles S/MIME mail.
4524: It can encrypt, decrypt, sign, and verify S/MIME messages.
4525: .Pp
4526: The MIME message must be sent without any blank lines between the
4527: headers and the output.
4528: Some mail programs will automatically add a blank line.
4529: Piping the mail directly to an MTA is one way to
4530: achieve the correct format.
4531: .Pp
4532: The supplied message to be signed or encrypted must include the necessary
4533: MIME headers or many S/MIME clients won't display it properly (if at all).
4534: Use the
4535: .Fl text
4536: option to automatically add plain text headers.
1.1 jsing 4537: .Pp
1.70 jmc 4538: A
4539: .Qq signed and encrypted
4540: message is one where a signed message is then encrypted.
4541: This can be produced by encrypting an already signed message.
1.1 jsing 4542: .Pp
1.70 jmc 4543: There are a number of operations that can be performed, as follows:
1.1 jsing 4544: .Bl -tag -width "XXXX"
4545: .It Fl decrypt
4546: Decrypt mail using the supplied certificate and private key.
1.70 jmc 4547: The input file is an encrypted mail message in MIME format.
1.1 jsing 4548: The decrypted mail is written to the output file.
4549: .It Fl encrypt
4550: Encrypt mail for the given recipient certificates.
1.70 jmc 4551: The input is the message to be encrypted.
4552: The output file is the encrypted mail, in MIME format.
1.1 jsing 4553: .It Fl pk7out
1.70 jmc 4554: Take an input message and write out a PEM-encoded PKCS#7 structure.
1.1 jsing 4555: .It Fl resign
4556: Resign a message: take an existing message and one or more new signers.
4557: .It Fl sign
4558: Sign mail using the supplied certificate and private key.
1.70 jmc 4559: The input file is the message to be signed.
4560: The signed message, in MIME format, is written to the output file.
1.1 jsing 4561: .It Fl verify
4562: Verify signed mail.
1.70 jmc 4563: The input is a signed mail message and the output is the signed data.
1.1 jsing 4564: Both clear text and opaque signing is supported.
4565: .El
4566: .Pp
1.14 jmc 4567: The remaining options are as follows:
1.1 jsing 4568: .Bl -tag -width "XXXX"
4569: .It Xo
4570: .Fl aes128 | aes192 | aes256 | des |
4571: .Fl des3 | rc2-40 | rc2-64 | rc2-128
4572: .Xc
4573: The encryption algorithm to use.
1.70 jmc 4574: 128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
1.1 jsing 4575: or 40-, 64-, or 128-bit RC2, respectively;
4576: if not specified, 40-bit RC2 is
4577: used.
4578: Only used with
4579: .Fl encrypt .
4580: .It Fl binary
4581: Normally, the input message is converted to
4582: .Qq canonical
1.70 jmc 4583: format which uses CR/LF as end of line,
4584: as required by the S/MIME specification.
1.1 jsing 4585: When this option is present no translation occurs.
1.70 jmc 4586: This is useful when handling binary data which may not be in MIME format.
1.1 jsing 4587: .It Fl CAfile Ar file
4588: A
4589: .Ar file
4590: containing trusted CA certificates; only used with
4591: .Fl verify .
4592: .It Fl CApath Ar directory
4593: A
4594: .Ar directory
4595: containing trusted CA certificates; only used with
4596: .Fl verify .
4597: This directory must be a standard certificate directory:
4598: that is, a hash of each subject name (using
4599: .Nm x509 -hash )
4600: should be linked to each certificate.
4601: .It Ar cert.pem ...
4602: One or more certificates of message recipients: used when encrypting
4603: a message.
4604: .It Fl certfile Ar file
4605: Allows additional certificates to be specified.
4606: When signing, these will be included with the message.
4607: When verifying, these will be searched for the signers' certificates.
4608: The certificates should be in PEM format.
4609: .It Xo
4610: .Fl check_ss_sig ,
4611: .Fl crl_check ,
4612: .Fl crl_check_all ,
4613: .Fl extended_crl ,
4614: .Fl ignore_critical ,
4615: .Fl issuer_checks ,
4616: .Fl policy_check ,
4617: .Fl x509_strict
4618: .Xc
4619: Set various certificate chain validation options.
4620: See the
1.70 jmc 4621: .Nm verify
1.1 jsing 4622: command for details.
4623: .It Fl content Ar file
1.70 jmc 4624: A file containing the detached content.
1.1 jsing 4625: This is only useful with the
4626: .Fl verify
1.70 jmc 4627: option,
4628: and only usable if the PKCS#7 structure is using the detached
1.1 jsing 4629: signature form where the content is not included.
1.70 jmc 4630: This option will override any content if the input format is S/MIME
4631: and it uses the multipart/signed MIME content type.
1.1 jsing 4632: .It Xo
4633: .Fl from Ar addr ,
4634: .Fl subject Ar s ,
4635: .Fl to Ar addr
4636: .Xc
4637: The relevant mail headers.
4638: These are included outside the signed
4639: portion of a message so they may be included manually.
1.70 jmc 4640: When signing, many S/MIME
1.1 jsing 4641: mail clients check that the signer's certificate email
4642: address matches the From: address.
4643: .It Fl in Ar file
1.70 jmc 4644: The input file to read from.
1.1 jsing 4645: .It Fl indef
4646: Enable streaming I/O for encoding operations.
4647: This permits single pass processing of data without
4648: the need to hold the entire contents in memory,
4649: potentially supporting very large files.
4650: Streaming is automatically set for S/MIME signing with detached
4651: data if the output format is SMIME;
4652: it is currently off by default for all other operations.
1.70 jmc 4653: .It Fl inform Cm der | pem | smime
4654: The input format.
1.1 jsing 4655: .It Fl inkey Ar file
1.70 jmc 4656: The private key to use when signing or decrypting,
4657: which must match the corresponding certificate.
1.1 jsing 4658: If this option is not specified, the private key must be included
4659: in the certificate file specified with
4660: the
4661: .Fl recip
4662: or
4663: .Fl signer
4664: file.
4665: When signing,
4666: this option can be used multiple times to specify successive keys.
1.112 inoguchi 4667: .It Fl keyform Cm der | pem
1.1 jsing 4668: Input private key format.
1.112 inoguchi 4669: The default is
4670: .Cm pem .
1.1 jsing 4671: .It Fl md Ar digest
4672: The digest algorithm to use when signing or resigning.
4673: If not present then the default digest algorithm for the signing key is used
4674: (usually SHA1).
4675: .It Fl noattr
1.70 jmc 4676: Do not include attributes.
1.1 jsing 4677: .It Fl nocerts
1.70 jmc 4678: Do not include the signer's certificate.
1.1 jsing 4679: This will reduce the size of the signed message but the verifier must
4680: have a copy of the signer's certificate available locally (passed using the
4681: .Fl certfile
4682: option, for example).
4683: .It Fl nochain
4684: Do not do chain verification of signers' certificates: that is,
4685: don't use the certificates in the signed message as untrusted CAs.
4686: .It Fl nodetach
4687: When signing a message use opaque signing: this form is more resistant
4688: to translation by mail relays but it cannot be read by mail agents that
1.70 jmc 4689: do not support S/MIME.
4690: Without this option cleartext signing with the MIME type
4691: multipart/signed is used.
1.1 jsing 4692: .It Fl noindef
1.70 jmc 4693: Disable streaming I/O where it would produce an encoding of indefinite length
4694: (currently has no effect).
1.1 jsing 4695: .It Fl nointern
1.70 jmc 4696: Only use certificates specified in the
4697: .Fl certfile .
4698: The supplied certificates can still be used as untrusted CAs.
1.1 jsing 4699: .It Fl nosigs
1.70 jmc 4700: Do not try to verify the signatures on the message.
1.108 inoguchi 4701: .It Fl nosmimecap
4702: Exclude the list of supported algorithms from signed attributes,
4703: other options such as signing time and content type are still included.
1.1 jsing 4704: .It Fl noverify
4705: Do not verify the signer's certificate of a signed message.
4706: .It Fl out Ar file
1.70 jmc 4707: The output file to write to.
4708: .It Fl outform Cm der | pem | smime
4709: The output format.
4710: The default is smime, which writes an S/MIME format message.
4711: .Cm pem
1.1 jsing 4712: and
1.70 jmc 4713: .Cm der
4714: change this to write PEM and DER format PKCS#7 structures instead.
1.1 jsing 4715: This currently only affects the output format of the PKCS#7
4716: structure; if no PKCS#7 structure is being output (for example with
4717: .Fl verify
4718: or
4719: .Fl decrypt )
4720: this option has no effect.
4721: .It Fl passin Ar arg
4722: The key password source.
4723: .It Fl recip Ar file
4724: The recipients certificate when decrypting a message.
4725: This certificate
4726: must match one of the recipients of the message or an error occurs.
4727: .It Fl signer Ar file
4728: A signing certificate when signing or resigning a message;
4729: this option can be used multiple times if more than one signer is required.
4730: If a message is being verified, the signer's certificates will be
4731: written to this file if the verification was successful.
4732: .It Fl stream
4733: The same as
4734: .Fl indef .
4735: .It Fl text
1.70 jmc 4736: Add plain text (text/plain) MIME
1.1 jsing 4737: headers to the supplied message if encrypting or signing.
4738: If decrypting or verifying, it strips off text headers:
1.70 jmc 4739: if the decrypted or verified message is not of MIME type text/plain
4740: then an error occurs.
1.1 jsing 4741: .El
4742: .Pp
1.70 jmc 4743: The exit codes for
4744: .Nm smime
4745: are as follows:
1.1 jsing 4746: .Pp
1.70 jmc 4747: .Bl -tag -width "XXXX" -offset 3n -compact
4748: .It 0
1.1 jsing 4749: The operation was completely successful.
1.70 jmc 4750: .It 1
1.1 jsing 4751: An error occurred parsing the command options.
1.70 jmc 4752: .It 2
1.1 jsing 4753: One of the input files could not be read.
1.70 jmc 4754: .It 3
4755: An error occurred creating the file or when reading the message.
4756: .It 4
1.1 jsing 4757: An error occurred decrypting or verifying the message.
1.70 jmc 4758: .It 5
4759: An error occurred writing certificates.
1.1 jsing 4760: .El
4761: .Sh SPEED
1.114 jmc 4762: .Bl -hang -width "openssl speed"
4763: .It Nm openssl speed
4764: .Bk -words
1.71 jmc 4765: .Op Ar algorithm
1.1 jsing 4766: .Op Fl decrypt
4767: .Op Fl elapsed
1.71 jmc 4768: .Op Fl evp Ar algorithm
1.1 jsing 4769: .Op Fl mr
4770: .Op Fl multi Ar number
1.114 jmc 4771: .Ek
4772: .El
1.1 jsing 4773: .Pp
4774: The
4775: .Nm speed
4776: command is used to test the performance of cryptographic algorithms.
4777: .Bl -tag -width "XXXX"
1.71 jmc 4778: .It Ar algorithm
4779: Perform the test using
4780: .Ar algorithm .
4781: The default is to test all algorithms.
1.1 jsing 4782: .It Fl decrypt
1.71 jmc 4783: Time decryption instead of encryption;
4784: must be used with
4785: .Fl evp .
1.1 jsing 4786: .It Fl elapsed
4787: Measure time in real time instead of CPU user time.
1.71 jmc 4788: .It Fl evp Ar algorithm
4789: Perform the test using one of the algorithms accepted by
4790: .Xr EVP_get_cipherbyname 3 .
1.1 jsing 4791: .It Fl mr
4792: Produce machine readable output.
4793: .It Fl multi Ar number
4794: Run
4795: .Ar number
4796: benchmarks in parallel.
4797: .El
1.77 jmc 4798: .Sh SPKAC
1.114 jmc 4799: .Bl -hang -width "openssl spkac"
4800: .It Nm openssl spkac
4801: .Bk -words
1.77 jmc 4802: .Op Fl challenge Ar string
4803: .Op Fl in Ar file
4804: .Op Fl key Ar keyfile
4805: .Op Fl noout
4806: .Op Fl out Ar file
4807: .Op Fl passin Ar arg
4808: .Op Fl pubkey
4809: .Op Fl spkac Ar spkacname
4810: .Op Fl spksect Ar section
4811: .Op Fl verify
1.114 jmc 4812: .Ek
4813: .El
1.77 jmc 4814: .Pp
4815: The
4816: .Nm spkac
4817: command processes signed public key and challenge (SPKAC) files.
4818: It can print out their contents, verify the signature,
4819: and produce its own SPKACs from a supplied private key.
4820: .Pp
4821: The options are as follows:
4822: .Bl -tag -width Ds
4823: .It Fl challenge Ar string
4824: The challenge string, if an SPKAC is being created.
4825: .It Fl in Ar file
4826: The input file to read from,
4827: or standard input if not specified.
4828: Ignored if the
4829: .Fl key
4830: option is used.
4831: .It Fl key Ar keyfile
4832: Create an SPKAC file using the private key in
4833: .Ar keyfile .
4834: The
4835: .Fl in , noout , spksect ,
4836: and
4837: .Fl verify
4838: options are ignored, if present.
4839: .It Fl noout
4840: Do not output the text version of the SPKAC.
4841: .It Fl out Ar file
4842: The output file to write to,
4843: or standard output if not specified.
4844: .It Fl passin Ar arg
4845: The key password source.
4846: .It Fl pubkey
4847: Output the public key of an SPKAC.
4848: .It Fl spkac Ar spkacname
4849: An alternative name for the variable containing the SPKAC.
4850: The default is "SPKAC".
4851: This option affects both generated and input SPKAC files.
4852: .It Fl spksect Ar section
4853: An alternative name for the
4854: .Ar section
4855: containing the SPKAC.
4856: .It Fl verify
4857: Verify the digital signature on the supplied SPKAC.
4858: .El
1.1 jsing 4859: .Sh TS
1.114 jmc 4860: .Bk -words
4861: .Bl -hang -width "openssl ts"
4862: .It Nm openssl ts
1.1 jsing 4863: .Fl query
1.29 bcook 4864: .Op Fl md4 | md5 | ripemd160 | sha1
1.1 jsing 4865: .Op Fl cert
4866: .Op Fl config Ar configfile
4867: .Op Fl data Ar file_to_hash
4868: .Op Fl digest Ar digest_bytes
4869: .Op Fl in Ar request.tsq
4870: .Op Fl no_nonce
4871: .Op Fl out Ar request.tsq
4872: .Op Fl policy Ar object_id
4873: .Op Fl text
1.114 jmc 4874: .It Nm openssl ts
1.1 jsing 4875: .Fl reply
4876: .Op Fl chain Ar certs_file.pem
4877: .Op Fl config Ar configfile
4878: .Op Fl in Ar response.tsr
4879: .Op Fl inkey Ar private.pem
4880: .Op Fl out Ar response.tsr
4881: .Op Fl passin Ar arg
4882: .Op Fl policy Ar object_id
4883: .Op Fl queryfile Ar request.tsq
4884: .Op Fl section Ar tsa_section
4885: .Op Fl signer Ar tsa_cert.pem
4886: .Op Fl text
4887: .Op Fl token_in
4888: .Op Fl token_out
1.114 jmc 4889: .It Nm openssl ts
1.1 jsing 4890: .Fl verify
4891: .Op Fl CAfile Ar trusted_certs.pem
4892: .Op Fl CApath Ar trusted_cert_path
4893: .Op Fl data Ar file_to_hash
4894: .Op Fl digest Ar digest_bytes
4895: .Op Fl in Ar response.tsr
4896: .Op Fl queryfile Ar request.tsq
4897: .Op Fl token_in
4898: .Op Fl untrusted Ar cert_file.pem
1.114 jmc 4899: .El
4900: .Ek
1.1 jsing 4901: .Pp
4902: The
4903: .Nm ts
4904: command is a basic Time Stamping Authority (TSA) client and server
4905: application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
4906: A TSA can be part of a PKI deployment and its role is to provide long
1.72 jmc 4907: term proof of the existence of specific data.
1.1 jsing 4908: Here is a brief description of the protocol:
4909: .Bl -enum
4910: .It
4911: The TSA client computes a one-way hash value for a data file and sends
4912: the hash to the TSA.
4913: .It
4914: The TSA attaches the current date and time to the received hash value,
4915: signs them and sends the time stamp token back to the client.
4916: By creating this token the TSA certifies the existence of the original
4917: data file at the time of response generation.
4918: .It
4919: The TSA client receives the time stamp token and verifies the
4920: signature on it.
4921: It also checks if the token contains the same hash
4922: value that it had sent to the TSA.
4923: .El
4924: .Pp
4925: There is one DER-encoded protocol data unit defined for transporting a time
4926: stamp request to the TSA and one for sending the time stamp response
4927: back to the client.
4928: The
4929: .Nm ts
4930: command has three main functions:
4931: creating a time stamp request based on a data file;
4932: creating a time stamp response based on a request;
4933: and verifying if a response corresponds
4934: to a particular request or a data file.
4935: .Pp
4936: There is no support for sending the requests/responses automatically
4937: over HTTP or TCP yet as suggested in RFC 3161.
4938: Users must send the requests either by FTP or email.
4939: .Pp
4940: The
4941: .Fl query
4942: switch can be used for creating and printing a time stamp
4943: request with the following options:
4944: .Bl -tag -width Ds
4945: .It Fl cert
1.72 jmc 4946: Expect the TSA to include its signing certificate in the response.
1.1 jsing 4947: .It Fl config Ar configfile
1.72 jmc 4948: Specify an alternative configuration file.
4949: Only the OID section is used.
1.1 jsing 4950: .It Fl data Ar file_to_hash
4951: The data file for which the time stamp request needs to be created.
1.72 jmc 4952: The default is standard input.
1.1 jsing 4953: .It Fl digest Ar digest_bytes
1.72 jmc 4954: Specify the message imprint explicitly without the data file.
1.1 jsing 4955: The imprint must be specified in a hexadecimal format,
4956: two characters per byte,
1.72 jmc 4957: the bytes optionally separated by colons.
1.1 jsing 4958: The number of bytes must match the message digest algorithm in use.
4959: .It Fl in Ar request.tsq
1.72 jmc 4960: A previously created time stamp request in DER
1.1 jsing 4961: format that will be printed into the output file.
1.72 jmc 4962: Useful for examining the content of a request in human-readable format.
1.76 jmc 4963: .It Fl md4 | md5 | ripemd160 | sha | sha1
1.1 jsing 4964: The message digest to apply to the data file.
4965: It supports all the message digest algorithms that are supported by the
4966: .Nm dgst
4967: command.
4968: The default is SHA-1.
4969: .It Fl no_nonce
1.72 jmc 4970: Specify no nonce in the request.
4971: The default, to include a 64-bit long pseudo-random nonce,
4972: is recommended to protect against replay attacks.
1.1 jsing 4973: .It Fl out Ar request.tsq
1.72 jmc 4974: The output file to write to,
4975: or standard output if not specified.
1.1 jsing 4976: .It Fl policy Ar object_id
4977: The policy that the client expects the TSA to use for creating the
4978: time stamp token.
1.72 jmc 4979: Either dotted OID notation or OID names defined
1.1 jsing 4980: in the config file can be used.
1.72 jmc 4981: If no policy is requested the TSA uses its own default policy.
1.1 jsing 4982: .It Fl text
1.72 jmc 4983: Output in human-readable text format instead of DER.
1.1 jsing 4984: .El
4985: .Pp
4986: A time stamp response (TimeStampResp) consists of a response status
4987: and the time stamp token itself (ContentInfo),
4988: if the token generation was successful.
4989: The
4990: .Fl reply
4991: command is for creating a time stamp
4992: response or time stamp token based on a request and printing the
4993: response/token in human-readable format.
4994: If
4995: .Fl token_out
4996: is not specified the output is always a time stamp response (TimeStampResp),
4997: otherwise it is a time stamp token (ContentInfo).
4998: .Bl -tag -width Ds
4999: .It Fl chain Ar certs_file.pem
1.72 jmc 5000: The collection of PEM certificates
1.1 jsing 5001: that will be included in the response
5002: in addition to the signer certificate if the
5003: .Fl cert
5004: option was used for the request.
5005: This file is supposed to contain the certificate chain
5006: for the signer certificate from its issuer upwards.
5007: The
5008: .Fl reply
5009: command does not build a certificate chain automatically.
5010: .It Fl config Ar configfile
1.72 jmc 5011: Specify an alternative configuration file.
1.1 jsing 5012: .It Fl in Ar response.tsr
1.72 jmc 5013: Specify a previously created time stamp response (or time stamp token, if
1.1 jsing 5014: .Fl token_in
1.72 jmc 5015: is also specified)
1.1 jsing 5016: in DER format that will be written to the output file.
5017: This option does not require a request;
5018: it is useful, for example,
1.72 jmc 5019: to examine the content of a response or token
5020: or to extract the time stamp token from a response.
1.1 jsing 5021: If the input is a token and the output is a time stamp response a default
1.72 jmc 5022: .Qq granted
1.1 jsing 5023: status info is added to the token.
5024: .It Fl inkey Ar private.pem
5025: The signer private key of the TSA in PEM format.
5026: Overrides the
5027: .Cm signer_key
5028: config file option.
5029: .It Fl out Ar response.tsr
5030: The response is written to this file.
5031: The format and content of the file depends on other options (see
5032: .Fl text
5033: and
5034: .Fl token_out ) .
5035: The default is stdout.
5036: .It Fl passin Ar arg
5037: The key password source.
5038: .It Fl policy Ar object_id
1.72 jmc 5039: The default policy to use for the response.
5040: Either dotted OID notation or OID names defined
5041: in the config file can be used.
5042: If no policy is requested the TSA uses its own default policy.
1.1 jsing 5043: .It Fl queryfile Ar request.tsq
1.72 jmc 5044: The file containing a DER-encoded time stamp request.
1.1 jsing 5045: .It Fl section Ar tsa_section
1.72 jmc 5046: The config file section containing the settings for response generation.
1.1 jsing 5047: .It Fl signer Ar tsa_cert.pem
1.72 jmc 5048: The PEM signer certificate of the TSA.
1.1 jsing 5049: The TSA signing certificate must have exactly one extended key usage
5050: assigned to it: timeStamping.
5051: The extended key usage must also be critical,
5052: otherwise the certificate is going to be refused.
5053: Overrides the
5054: .Cm signer_cert
5055: variable of the config file.
5056: .It Fl text
1.72 jmc 5057: Output in human-readable text format instead of DER.
1.1 jsing 5058: .It Fl token_in
1.72 jmc 5059: The input is a DER-encoded time stamp token (ContentInfo)
5060: instead of a time stamp response (TimeStampResp).
1.1 jsing 5061: .It Fl token_out
1.72 jmc 5062: The output is a time stamp token (ContentInfo)
5063: instead of a time stamp response (TimeStampResp).
1.1 jsing 5064: .El
5065: .Pp
5066: The
5067: .Fl verify
5068: command is for verifying if a time stamp response or time stamp token
5069: is valid and matches a particular time stamp request or data file.
5070: The
5071: .Fl verify
5072: command does not use the configuration file.
5073: .Bl -tag -width Ds
5074: .It Fl CAfile Ar trusted_certs.pem
1.72 jmc 5075: The file containing a set of trusted self-signed PEM CA certificates.
5076: See
1.1 jsing 5077: .Nm verify
5078: for additional details.
5079: Either this option or
5080: .Fl CApath
5081: must be specified.
5082: .It Fl CApath Ar trusted_cert_path
1.112 inoguchi 5083: The directory containing the trusted CA certificates of the client.
1.72 jmc 5084: See
1.1 jsing 5085: .Nm verify
5086: for additional details.
5087: Either this option or
5088: .Fl CAfile
5089: must be specified.
5090: .It Fl data Ar file_to_hash
5091: The response or token must be verified against
5092: .Ar file_to_hash .
5093: The file is hashed with the message digest algorithm specified in the token.
5094: The
5095: .Fl digest
5096: and
5097: .Fl queryfile
5098: options must not be specified with this one.
5099: .It Fl digest Ar digest_bytes
5100: The response or token must be verified against the message digest specified
5101: with this option.
5102: The number of bytes must match the message digest algorithm
5103: specified in the token.
5104: The
5105: .Fl data
5106: and
5107: .Fl queryfile
5108: options must not be specified with this one.
5109: .It Fl in Ar response.tsr
5110: The time stamp response that needs to be verified, in DER format.
5111: This option in mandatory.
5112: .It Fl queryfile Ar request.tsq
5113: The original time stamp request, in DER format.
5114: The
5115: .Fl data
5116: and
5117: .Fl digest
5118: options must not be specified with this one.
5119: .It Fl token_in
1.72 jmc 5120: The input is a DER-encoded time stamp token (ContentInfo)
5121: instead of a time stamp response (TimeStampResp).
1.1 jsing 5122: .It Fl untrusted Ar cert_file.pem
1.72 jmc 5123: Additional untrusted PEM certificates which may be needed
5124: when building the certificate chain for the TSA's signing certificate.
1.1 jsing 5125: This file must contain the TSA signing certificate and
5126: all intermediate CA certificates unless the response includes them.
5127: .El
5128: .Pp
1.72 jmc 5129: Options specified on the command line always override
5130: the settings in the config file:
1.1 jsing 5131: .Bl -tag -width Ds
5132: .It Cm tsa Ar section , Cm default_tsa
5133: This is the main section and it specifies the name of another section
5134: that contains all the options for the
5135: .Fl reply
5136: option.
1.72 jmc 5137: This section can be overridden with the
1.1 jsing 5138: .Fl section
5139: command line switch.
5140: .It Cm oid_file
5141: See
5142: .Nm ca
5143: for a description.
5144: .It Cm oid_section
5145: See
5146: .Nm ca
5147: for a description.
5148: .It Cm serial
1.72 jmc 5149: The file containing the hexadecimal serial number of the
1.1 jsing 5150: last time stamp response created.
5151: This number is incremented by 1 for each response.
1.72 jmc 5152: If the file does not exist at the time of response generation
5153: a new file is created with serial number 1.
1.1 jsing 5154: This parameter is mandatory.
5155: .It Cm signer_cert
5156: TSA signing certificate, in PEM format.
5157: The same as the
5158: .Fl signer
5159: command line option.
5160: .It Cm certs
1.72 jmc 5161: A set of PEM-encoded certificates that need to be
1.1 jsing 5162: included in the response.
5163: The same as the
5164: .Fl chain
5165: command line option.
5166: .It Cm signer_key
5167: The private key of the TSA, in PEM format.
5168: The same as the
5169: .Fl inkey
5170: command line option.
5171: .It Cm default_policy
5172: The default policy to use when the request does not mandate any policy.
5173: The same as the
5174: .Fl policy
5175: command line option.
5176: .It Cm other_policies
5177: Comma separated list of policies that are also acceptable by the TSA
5178: and used only if the request explicitly specifies one of them.
5179: .It Cm digests
5180: The list of message digest algorithms that the TSA accepts.
5181: At least one algorithm must be specified.
5182: This parameter is mandatory.
5183: .It Cm accuracy
5184: The accuracy of the time source of the TSA in seconds, milliseconds
5185: and microseconds.
5186: For example, secs:1, millisecs:500, microsecs:100.
5187: If any of the components is missing,
5188: zero is assumed for that field.
5189: .It Cm clock_precision_digits
1.72 jmc 5190: The maximum number of digits, which represent the fraction of seconds,
5191: that need to be included in the time field.
1.1 jsing 5192: The trailing zeroes must be removed from the time,
1.72 jmc 5193: so there might actually be fewer digits
1.1 jsing 5194: or no fraction of seconds at all.
5195: The maximum value is 6;
5196: the default is 0.
5197: .It Cm ordering
5198: If this option is yes,
5199: the responses generated by this TSA can always be ordered,
5200: even if the time difference between two responses is less
5201: than the sum of their accuracies.
5202: The default is no.
5203: .It Cm tsa_name
5204: Set this option to yes if the subject name of the TSA must be included in
5205: the TSA name field of the response.
5206: The default is no.
5207: .It Cm ess_cert_id_chain
5208: The SignedData objects created by the TSA always contain the
5209: certificate identifier of the signing certificate in a signed
5210: attribute (see RFC 2634, Enhanced Security Services).
5211: If this option is set to yes and either the
5212: .Cm certs
5213: variable or the
5214: .Fl chain
5215: option is specified then the certificate identifiers of the chain will also
5216: be included in the SigningCertificate signed attribute.
5217: If this variable is set to no,
5218: only the signing certificate identifier is included.
5219: The default is no.
5220: .El
5221: .Sh VERIFY
1.114 jmc 5222: .Bl -hang -width "openssl verify"
5223: .It Nm openssl verify
5224: .Bk -words
1.1 jsing 5225: .Op Fl CAfile Ar file
5226: .Op Fl CApath Ar directory
5227: .Op Fl check_ss_sig
1.107 inoguchi 5228: .Op Fl CRLfile Ar file
1.1 jsing 5229: .Op Fl crl_check
5230: .Op Fl crl_check_all
5231: .Op Fl explicit_policy
5232: .Op Fl extended_crl
5233: .Op Fl help
5234: .Op Fl ignore_critical
5235: .Op Fl inhibit_any
5236: .Op Fl inhibit_map
5237: .Op Fl issuer_checks
5238: .Op Fl policy_check
5239: .Op Fl purpose Ar purpose
1.107 inoguchi 5240: .Op Fl trusted Ar file
1.1 jsing 5241: .Op Fl untrusted Ar file
5242: .Op Fl verbose
5243: .Op Fl x509_strict
5244: .Op Ar certificates
1.114 jmc 5245: .Ek
5246: .El
1.1 jsing 5247: .Pp
5248: The
5249: .Nm verify
5250: command verifies certificate chains.
5251: .Pp
5252: The options are as follows:
5253: .Bl -tag -width Ds
5254: .It Fl CAfile Ar file
5255: A
5256: .Ar file
5257: of trusted certificates.
5258: The
5259: .Ar file
5260: should contain multiple certificates in PEM format, concatenated together.
5261: .It Fl CApath Ar directory
5262: A
5263: .Ar directory
5264: of trusted certificates.
1.76 jmc 5265: The certificates, or symbolic links to them,
5266: should have names of the form
5267: .Ar hash Ns .0 ,
5268: where
5269: .Ar hash
5270: is the hashed certificate subject name
5271: (see the
1.1 jsing 5272: .Fl hash
5273: option of the
5274: .Nm x509
5275: utility).
1.107 inoguchi 5276: .It Fl check_ss_sig
5277: Verify the signature on the self-signed root CA.
5278: This is disabled by default
5279: because it doesn't add any security.
5280: .It Fl CRLfile Ar file
5281: The
5282: .Ar file
5283: should contain one or more CRLs in PEM format.
1.1 jsing 5284: .It Fl crl_check
1.76 jmc 5285: Check end entity certificate validity by attempting to look up a valid CRL.
1.1 jsing 5286: If a valid CRL cannot be found an error occurs.
5287: .It Fl crl_check_all
1.76 jmc 5288: Check the validity of all certificates in the chain by attempting
1.1 jsing 5289: to look up valid CRLs.
5290: .It Fl explicit_policy
1.76 jmc 5291: Set policy variable require-explicit-policy (RFC 3280).
1.1 jsing 5292: .It Fl extended_crl
5293: Enable extended CRL features such as indirect CRLs and alternate CRL
5294: signing keys.
5295: .It Fl help
1.76 jmc 5296: Print a usage message.
1.1 jsing 5297: .It Fl ignore_critical
1.76 jmc 5298: Ignore critical extensions instead of rejecting the certificate.
1.1 jsing 5299: .It Fl inhibit_any
1.76 jmc 5300: Set policy variable inhibit-any-policy (RFC 3280).
1.1 jsing 5301: .It Fl inhibit_map
1.76 jmc 5302: Set policy variable inhibit-policy-mapping (RFC 3280).
1.1 jsing 5303: .It Fl issuer_checks
1.76 jmc 5304: Print diagnostics relating to searches for the issuer certificate
5305: of the current certificate
5306: showing why each candidate issuer certificate was rejected.
5307: The presence of rejection messages
5308: does not itself imply that anything is wrong:
5309: during the normal verify process several rejections may take place.
1.1 jsing 5310: .It Fl policy_check
1.76 jmc 5311: Enable certificate policy processing.
1.1 jsing 5312: .It Fl purpose Ar purpose
5313: The intended use for the certificate.
5314: Without this option no chain verification will be done.
5315: Currently accepted uses are
1.76 jmc 5316: .Cm sslclient , sslserver ,
5317: .Cm nssslserver , smimesign ,
5318: .Cm smimeencrypt , crlsign ,
5319: .Cm any ,
1.1 jsing 5320: and
1.76 jmc 5321: .Cm ocsphelper .
1.107 inoguchi 5322: .It Fl trusted Ar file
5323: A
5324: .Ar file
5325: of trusted certificates.
5326: The
5327: .Ar file
5328: should contain multiple certificates.
1.1 jsing 5329: .It Fl untrusted Ar file
5330: A
5331: .Ar file
5332: of untrusted certificates.
5333: The
5334: .Ar file
5335: should contain multiple certificates.
5336: .It Fl verbose
5337: Print extra information about the operations being performed.
5338: .It Fl x509_strict
5339: Disable workarounds for broken certificates which have to be disabled
5340: for strict X.509 compliance.
5341: .It Ar certificates
1.76 jmc 5342: One or more PEM
1.1 jsing 5343: .Ar certificates
5344: to verify.
5345: If no certificate files are included, an attempt is made to read
5346: a certificate from standard input.
1.76 jmc 5347: If the first certificate filename begins with a dash,
5348: use a lone dash to mark the last option.
1.1 jsing 5349: .El
1.76 jmc 5350: .Pp
1.1 jsing 5351: The
5352: .Nm verify
5353: program uses the same functions as the internal SSL and S/MIME verification,
1.76 jmc 5354: with one crucial difference:
5355: wherever possible an attempt is made to continue after an error,
5356: whereas normally the verify operation would halt on the first error.
1.1 jsing 5357: This allows all the problems with a certificate chain to be determined.
5358: .Pp
1.76 jmc 5359: The verify operation consists of a number of separate steps.
1.1 jsing 5360: Firstly a certificate chain is built up starting from the supplied certificate
5361: and ending in the root CA.
5362: It is an error if the whole chain cannot be built up.
5363: The chain is built up by looking up the issuer's certificate of the current
5364: certificate.
5365: If a certificate is found which is its own issuer, it is assumed
5366: to be the root CA.
5367: .Pp
1.76 jmc 5368: All certificates whose subject name matches the issuer name
1.1 jsing 5369: of the current certificate are subject to further tests.
5370: The relevant authority key identifier components of the current certificate
1.76 jmc 5371: (if present) must match the subject key identifier (if present)
5372: and issuer and serial number of the candidate issuer;
5373: in addition the
5374: .Cm keyUsage
5375: extension of the candidate issuer (if present) must permit certificate signing.
1.1 jsing 5376: .Pp
5377: The lookup first looks in the list of untrusted certificates and if no match
5378: is found the remaining lookups are from the trusted certificates.
1.76 jmc 5379: The root CA is always looked up in the trusted certificate list:
5380: if the certificate to verify is a root certificate,
5381: then an exact match must be found in the trusted list.
1.1 jsing 5382: .Pp
5383: The second operation is to check every untrusted certificate's extensions for
5384: consistency with the supplied purpose.
5385: If the
5386: .Fl purpose
5387: option is not included, then no checks are done.
5388: The supplied or
5389: .Qq leaf
5390: certificate must have extensions compatible with the supplied purpose
5391: and all other certificates must also be valid CA certificates.
5392: The precise extensions required are described in more detail in
5393: the
1.76 jmc 5394: .Nm X509
1.1 jsing 5395: section below.
5396: .Pp
5397: The third operation is to check the trust settings on the root CA.
5398: The root CA should be trusted for the supplied purpose.
1.76 jmc 5399: A certificate with no trust settings is considered to be valid for
1.1 jsing 5400: all purposes.
5401: .Pp
5402: The final operation is to check the validity of the certificate chain.
5403: The validity period is checked against the current system time and the
1.76 jmc 5404: .Cm notBefore
1.1 jsing 5405: and
1.76 jmc 5406: .Cm notAfter
1.1 jsing 5407: dates in the certificate.
5408: The certificate signatures are also checked at this point.
5409: .Pp
5410: If all operations complete successfully, the certificate is considered
5411: valid.
5412: If any operation fails then the certificate is not valid.
5413: When a verify operation fails, the output messages can be somewhat cryptic.
5414: The general form of the error message is:
1.76 jmc 5415: .Bd -literal
5416: server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
5417: error 24 at 1 depth lookup:invalid CA certificate
1.1 jsing 5418: .Ed
5419: .Pp
5420: The first line contains the name of the certificate being verified, followed by
5421: the subject name of the certificate.
5422: The second line contains the error number and the depth.
5423: The depth is the number of the certificate being verified when a
5424: problem was detected starting with zero for the certificate being verified
5425: itself, then 1 for the CA that signed the certificate and so on.
5426: Finally a text version of the error number is presented.
5427: .Pp
5428: An exhaustive list of the error codes and messages is shown below; this also
5429: includes the name of the error code as defined in the header file
1.12 bentley 5430: .In openssl/x509_vfy.h .
1.76 jmc 5431: Some of the error codes are defined but never returned: these are described as
1.1 jsing 5432: .Qq unused .
5433: .Bl -tag -width "XXXX"
1.78 jmc 5434: .It 0 X509_V_OK
1.1 jsing 5435: The operation was successful.
1.78 jmc 5436: .It 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
5437: The issuer certificate of an untrusted certificate could not be found.
5438: .It 3 X509_V_ERR_UNABLE_TO_GET_CRL
1.1 jsing 5439: The CRL of a certificate could not be found.
1.78 jmc 5440: .It 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
1.1 jsing 5441: The certificate signature could not be decrypted.
1.78 jmc 5442: This means that the actual signature value could not be determined
5443: rather than it not matching the expected value.
1.1 jsing 5444: This is only meaningful for RSA keys.
1.78 jmc 5445: .It 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
5446: The CRL signature could not be decrypted.
5447: This means that the actual signature value could not be determined
5448: rather than it not matching the expected value.
1.1 jsing 5449: Unused.
1.78 jmc 5450: .It 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
1.1 jsing 5451: The public key in the certificate
1.76 jmc 5452: .Cm SubjectPublicKeyInfo
1.1 jsing 5453: could not be read.
1.78 jmc 5454: .It 7 X509_V_ERR_CERT_SIGNATURE_FAILURE
1.1 jsing 5455: The signature of the certificate is invalid.
1.78 jmc 5456: .It 8 X509_V_ERR_CRL_SIGNATURE_FAILURE
1.1 jsing 5457: The signature of the certificate is invalid.
1.78 jmc 5458: .It 9 X509_V_ERR_CERT_NOT_YET_VALID
1.1 jsing 5459: The certificate is not yet valid: the
1.76 jmc 5460: .Cm notBefore
1.1 jsing 5461: date is after the current time.
1.78 jmc 5462: .It 10 X509_V_ERR_CERT_HAS_EXPIRED
1.1 jsing 5463: The certificate has expired; that is, the
1.76 jmc 5464: .Cm notAfter
1.1 jsing 5465: date is before the current time.
1.78 jmc 5466: .It 11 X509_V_ERR_CRL_NOT_YET_VALID
1.1 jsing 5467: The CRL is not yet valid.
1.78 jmc 5468: .It 12 X509_V_ERR_CRL_HAS_EXPIRED
1.1 jsing 5469: The CRL has expired.
1.78 jmc 5470: .It 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
1.1 jsing 5471: The certificate
1.76 jmc 5472: .Cm notBefore
1.1 jsing 5473: field contains an invalid time.
1.78 jmc 5474: .It 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
1.1 jsing 5475: The certificate
1.76 jmc 5476: .Cm notAfter
1.1 jsing 5477: field contains an invalid time.
1.78 jmc 5478: .It 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
1.1 jsing 5479: The CRL
1.76 jmc 5480: .Cm lastUpdate
1.1 jsing 5481: field contains an invalid time.
1.78 jmc 5482: .It 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
1.1 jsing 5483: The CRL
1.76 jmc 5484: .Cm nextUpdate
1.1 jsing 5485: field contains an invalid time.
1.78 jmc 5486: .It 17 X509_V_ERR_OUT_OF_MEM
1.1 jsing 5487: An error occurred trying to allocate memory.
5488: This should never happen.
1.78 jmc 5489: .It 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
1.1 jsing 5490: The passed certificate is self-signed and the same certificate cannot be
5491: found in the list of trusted certificates.
1.78 jmc 5492: .It 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
1.1 jsing 5493: The certificate chain could be built up using the untrusted certificates but
5494: the root could not be found locally.
1.78 jmc 5495: .It 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
1.1 jsing 5496: The issuer certificate of a locally looked up certificate could not be found.
5497: This normally means the list of trusted certificates is not complete.
1.78 jmc 5498: .It 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
1.1 jsing 5499: No signatures could be verified because the chain contains only one
5500: certificate and it is not self-signed.
1.78 jmc 5501: .It 22 X509_V_ERR_CERT_CHAIN_TOO_LONG
1.1 jsing 5502: The certificate chain length is greater than the supplied maximum depth.
5503: Unused.
1.78 jmc 5504: .It 23 X509_V_ERR_CERT_REVOKED
1.1 jsing 5505: The certificate has been revoked.
1.78 jmc 5506: .It 24 X509_V_ERR_INVALID_CA
1.1 jsing 5507: A CA certificate is invalid.
5508: Either it is not a CA or its extensions are not consistent
5509: with the supplied purpose.
1.78 jmc 5510: .It 25 X509_V_ERR_PATH_LENGTH_EXCEEDED
1.1 jsing 5511: The
1.76 jmc 5512: .Cm basicConstraints
1.1 jsing 5513: pathlength parameter has been exceeded.
1.78 jmc 5514: .It 26 X509_V_ERR_INVALID_PURPOSE
1.1 jsing 5515: The supplied certificate cannot be used for the specified purpose.
1.78 jmc 5516: .It 27 X509_V_ERR_CERT_UNTRUSTED
1.1 jsing 5517: The root CA is not marked as trusted for the specified purpose.
1.78 jmc 5518: .It 28 X509_V_ERR_CERT_REJECTED
1.1 jsing 5519: The root CA is marked to reject the specified purpose.
1.78 jmc 5520: .It 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH
1.1 jsing 5521: The current candidate issuer certificate was rejected because its subject name
5522: did not match the issuer name of the current certificate.
5523: Only displayed when the
5524: .Fl issuer_checks
5525: option is set.
1.78 jmc 5526: .It 30 X509_V_ERR_AKID_SKID_MISMATCH
1.1 jsing 5527: The current candidate issuer certificate was rejected because its subject key
5528: identifier was present and did not match the authority key identifier current
5529: certificate.
5530: Only displayed when the
5531: .Fl issuer_checks
5532: option is set.
1.78 jmc 5533: .It 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
1.1 jsing 5534: The current candidate issuer certificate was rejected because its issuer name
5535: and serial number were present and did not match the authority key identifier
5536: of the current certificate.
5537: Only displayed when the
5538: .Fl issuer_checks
5539: option is set.
1.78 jmc 5540: .It 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN
1.1 jsing 5541: The current candidate issuer certificate was rejected because its
1.76 jmc 5542: .Cm keyUsage
1.1 jsing 5543: extension does not permit certificate signing.
1.78 jmc 5544: .It 50 X509_V_ERR_APPLICATION_VERIFICATION
1.1 jsing 5545: An application specific error.
5546: Unused.
5547: .El
5548: .Sh VERSION
5549: .Nm openssl version
5550: .Op Fl abdfopv
5551: .Pp
5552: The
5553: .Nm version
5554: command is used to print out version information about
1.79 jmc 5555: .Nm openssl .
1.1 jsing 5556: .Pp
5557: The options are as follows:
5558: .Bl -tag -width Ds
5559: .It Fl a
5560: All information: this is the same as setting all the other flags.
5561: .It Fl b
5562: The date the current version of
1.79 jmc 5563: .Nm openssl
1.1 jsing 5564: was built.
5565: .It Fl d
5566: .Ev OPENSSLDIR
5567: setting.
5568: .It Fl f
5569: Compilation flags.
5570: .It Fl o
5571: Option information: various options set when the library was built.
5572: .It Fl p
5573: Platform setting.
5574: .It Fl v
5575: The current
1.79 jmc 5576: .Nm openssl
1.1 jsing 5577: version.
5578: .El
5579: .Sh X509
1.114 jmc 5580: .Bl -hang -width "openssl x509"
5581: .It Nm openssl x509
5582: .Bk -words
1.1 jsing 5583: .Op Fl C
5584: .Op Fl addreject Ar arg
5585: .Op Fl addtrust Ar arg
5586: .Op Fl alias
5587: .Op Fl CA Ar file
5588: .Op Fl CAcreateserial
1.80 jmc 5589: .Op Fl CAform Cm der | pem
1.1 jsing 5590: .Op Fl CAkey Ar file
1.80 jmc 5591: .Op Fl CAkeyform Cm der | pem
1.1 jsing 5592: .Op Fl CAserial Ar file
5593: .Op Fl certopt Ar option
5594: .Op Fl checkend Ar arg
5595: .Op Fl clrext
5596: .Op Fl clrreject
5597: .Op Fl clrtrust
5598: .Op Fl dates
5599: .Op Fl days Ar arg
5600: .Op Fl email
5601: .Op Fl enddate
5602: .Op Fl extensions Ar section
5603: .Op Fl extfile Ar file
5604: .Op Fl fingerprint
5605: .Op Fl hash
5606: .Op Fl in Ar file
1.80 jmc 5607: .Op Fl inform Cm der | net | pem
1.1 jsing 5608: .Op Fl issuer
5609: .Op Fl issuer_hash
5610: .Op Fl issuer_hash_old
1.80 jmc 5611: .Op Fl keyform Cm der | pem
1.29 bcook 5612: .Op Fl md5 | sha1
1.1 jsing 5613: .Op Fl modulus
5614: .Op Fl nameopt Ar option
1.107 inoguchi 5615: .Op Fl next_serial
1.1 jsing 5616: .Op Fl noout
5617: .Op Fl ocsp_uri
5618: .Op Fl ocspid
5619: .Op Fl out Ar file
1.80 jmc 5620: .Op Fl outform Cm der | net | pem
1.1 jsing 5621: .Op Fl passin Ar arg
5622: .Op Fl pubkey
5623: .Op Fl purpose
5624: .Op Fl req
5625: .Op Fl serial
5626: .Op Fl set_serial Ar n
5627: .Op Fl setalias Ar arg
5628: .Op Fl signkey Ar file
1.107 inoguchi 5629: .Op Fl sigopt Ar nm:v
1.1 jsing 5630: .Op Fl startdate
5631: .Op Fl subject
5632: .Op Fl subject_hash
5633: .Op Fl subject_hash_old
5634: .Op Fl text
5635: .Op Fl trustout
5636: .Op Fl x509toreq
1.114 jmc 5637: .Ek
5638: .El
1.1 jsing 5639: .Pp
5640: The
5641: .Nm x509
5642: command is a multi-purpose certificate utility.
5643: It can be used to display certificate information, convert certificates to
5644: various forms, sign certificate requests like a
5645: .Qq mini CA ,
5646: or edit certificate trust settings.
5647: .Pp
1.80 jmc 5648: The following are x509 input, output, and general purpose options:
1.1 jsing 5649: .Bl -tag -width "XXXX"
5650: .It Fl in Ar file
1.80 jmc 5651: The input file to read from,
5652: or standard input if not specified.
5653: .It Fl inform Cm der | net | pem
5654: The input format.
1.1 jsing 5655: Normally, the command will expect an X.509 certificate,
5656: but this can change if other options such as
5657: .Fl req
5658: are present.
1.29 bcook 5659: .It Fl md5 | sha1
1.1 jsing 5660: The digest to use.
5661: This affects any signing or display option that uses a message digest,
5662: such as the
5663: .Fl fingerprint , signkey ,
5664: and
5665: .Fl CA
5666: options.
5667: If not specified, MD5 is used.
1.80 jmc 5668: SHA1 is always used with DSA keys.
1.1 jsing 5669: .It Fl out Ar file
1.80 jmc 5670: The output file to write to,
5671: or standard output if none is specified.
5672: .It Fl outform Cm der | net | pem
5673: The output format.
1.1 jsing 5674: .It Fl passin Ar arg
5675: The key password source.
5676: .El
1.80 jmc 5677: .Pp
5678: The following are x509 display options:
1.1 jsing 5679: .Bl -tag -width "XXXX"
5680: .It Fl C
1.80 jmc 5681: Output the certificate in the form of a C source file.
1.1 jsing 5682: .It Fl certopt Ar option
5683: Customise the output format used with
1.80 jmc 5684: .Fl text ,
5685: either using a list of comma-separated options or by specifying
1.1 jsing 5686: .Fl certopt
1.80 jmc 5687: multiple times.
5688: The default behaviour is to print all fields.
5689: The options are as follows:
5690: .Pp
5691: .Bl -tag -width "no_extensions" -offset indent -compact
5692: .It Cm ca_default
5693: Equivalent to
5694: .Cm no_issuer , no_pubkey , no_header ,
5695: .Cm no_version , no_sigdump ,
5696: and
5697: .Cm no_signame .
5698: .It Cm compatible
5699: Equivalent to no output options at all.
5700: .It Cm ext_default
5701: Print unsupported certificate extensions.
5702: .It Cm ext_dump
5703: Hex dump unsupported extensions.
5704: .It Cm ext_error
5705: Print an error message for unsupported certificate extensions.
5706: .It Cm ext_parse
1.84 jmc 5707: ASN.1 parse unsupported extensions.
1.80 jmc 5708: .It Cm no_aux
5709: Do not print certificate trust information.
5710: .It Cm no_extensions
5711: Do not print X509V3 extensions.
5712: .It Cm no_header
5713: Do not print header (Certificate and Data) information.
5714: .It Cm no_issuer
5715: Do not print the issuer name.
5716: .It Cm no_pubkey
5717: Do not print the public key.
5718: .It Cm no_serial
5719: Do not print the serial number.
5720: .It Cm no_sigdump
5721: Do not give a hexadecimal dump of the certificate signature.
5722: .It Cm no_signame
5723: Do not print the signature algorithm used.
5724: .It Cm no_subject
5725: Do not print the subject name.
5726: .It Cm no_validity
5727: Do not print the
5728: .Cm notBefore
5729: and
5730: .Cm notAfter
5731: (validity) fields.
5732: .It Cm no_version
5733: Do not print the version number.
5734: .El
1.1 jsing 5735: .It Fl dates
1.80 jmc 5736: Print the start and expiry date of a certificate.
1.1 jsing 5737: .It Fl email
1.80 jmc 5738: Output the email addresses, if any.
1.1 jsing 5739: .It Fl enddate
1.80 jmc 5740: Print the expiry date of the certificate; that is, the
5741: .Cm notAfter
1.1 jsing 5742: date.
5743: .It Fl fingerprint
1.80 jmc 5744: Print the digest of the DER-encoded version of the whole certificate.
1.1 jsing 5745: .It Fl hash
5746: A synonym for
1.80 jmc 5747: .Fl subject_hash .
1.1 jsing 5748: .It Fl issuer
1.80 jmc 5749: Print the issuer name.
1.1 jsing 5750: .It Fl issuer_hash
1.80 jmc 5751: Print the hash of the certificate issuer name.
1.1 jsing 5752: .It Fl issuer_hash_old
1.80 jmc 5753: Print the hash of the certificate issuer name
5754: using the older algorithm as used by
5755: .Nm openssl
1.1 jsing 5756: versions before 1.0.0.
5757: .It Fl modulus
1.80 jmc 5758: Print the value of the modulus of the public key contained in the certificate.
1.1 jsing 5759: .It Fl nameopt Ar option
1.80 jmc 5760: Customise how the subject or issuer names are displayed,
5761: either using a list of comma-separated options or by specifying
1.1 jsing 5762: .Fl nameopt
1.80 jmc 5763: multiple times.
5764: The default behaviour is to use the
5765: .Cm oneline
5766: format.
5767: The options,
5768: which can be preceded by a dash to turn them off,
5769: are as follows:
5770: .Bl -tag -width "XXXX"
5771: .It Cm align
5772: Align field values for a more readable output.
5773: Only usable with
5774: .Ar sep_multiline .
5775: .It Cm compat
5776: Use the old format,
5777: equivalent to specifying no options at all.
5778: .It Cm dn_rev
5779: Reverse the fields of the DN, as required by RFC 2253.
5780: As a side effect, this also reverses the order of multiple AVAs.
5781: .It Cm dump_all
5782: Dump all fields.
5783: When used with
5784: .Ar dump_der ,
5785: it allows the DER encoding of the structure to be unambiguously determined.
5786: .It Cm dump_der
5787: Any fields that need to be hexdumped are
5788: dumped using the DER encoding of the field.
5789: Otherwise just the content octets will be displayed.
5790: Both options use the RFC 2253 #XXXX... format.
5791: .It Cm dump_nostr
5792: Dump non-character string types
5793: (for example OCTET STRING);
5794: usually, non-character string types are displayed
5795: as though each content octet represents a single character.
5796: .It Cm dump_unknown
5797: Dump any field whose OID is not recognised by
5798: .Nm openssl .
5799: .It Cm esc_2253
5800: Escape the
5801: .Qq special
5802: characters required by RFC 2253 in a field that is
5803: .Dq \& ,+"<>; .
5804: Additionally,
5805: .Sq #
5806: is escaped at the beginning of a string
5807: and a space character at the beginning or end of a string.
5808: .It Cm esc_ctrl
5809: Escape control characters.
5810: That is, those with ASCII values less than 0x20 (space)
5811: and the delete (0x7f) character.
5812: They are escaped using the RFC 2253 \eXX notation (where XX are two hex
5813: digits representing the character value).
5814: .It Cm esc_msb
5815: Escape characters with the MSB set; that is, with ASCII values larger than
5816: 127.
5817: .It Cm multiline
5818: A multiline format.
5819: Equivalent to
5820: .Cm esc_ctrl , esc_msb , sep_multiline ,
5821: .Cm space_eq , lname ,
5822: and
5823: .Cm align .
5824: .It Cm no_type
5825: Do not attempt to interpret multibyte characters.
5826: That is, content octets are merely dumped as though one octet
5827: represents each character.
5828: This is useful for diagnostic purposes
5829: but results in rather odd looking output.
5830: .It Cm nofname , sname , lname , oid
5831: Alter how the field name is displayed:
5832: .Cm nofname
5833: does not display the field at all;
5834: .Cm sname
5835: uses the short name form (CN for
5836: .Cm commonName ,
5837: for example);
5838: .Cm lname
5839: uses the long form.
5840: .Cm oid
5841: represents the OID in numerical form and is useful for diagnostic purpose.
5842: .It Cm oneline
5843: A one line format which is more readable than
5844: .Cm RFC2253 .
5845: Equivalent to
5846: .Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
5847: .Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
5848: .Cm space_eq ,
5849: and
5850: .Cm sname .
5851: .It Cm RFC2253
5852: Displays names compatible with RFC 2253.
5853: Equivalent to
5854: .Cm esc_2253 , esc_ctrl ,
5855: .Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
5856: .Cm dump_der , sep_comma_plus , dn_rev ,
5857: and
5858: .Cm sname .
5859: .It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
5860: Determine the field separators:
5861: the first character is between RDNs and the second between multiple AVAs
5862: (multiple AVAs are very rare and their use is discouraged).
5863: The options ending in
5864: .Qq space
5865: additionally place a space after the separator to make it more readable.
5866: .Cm sep_multiline
5867: uses a linefeed character for the RDN separator and a spaced
5868: .Sq +
5869: for the AVA separator,
5870: as well as indenting the fields by four characters.
5871: .It Cm show_type
1.84 jmc 5872: Show the type of the ASN.1 character string.
1.80 jmc 5873: The type precedes the field contents.
5874: For example
5875: .Qq BMPSTRING: Hello World .
5876: .It Cm space_eq
5877: Place spaces round the
5878: .Sq =
5879: character which follows the field name.
5880: .It Cm use_quote
5881: Escape some characters by surrounding the whole string with
5882: .Sq \&"
5883: characters.
5884: Without the option, all escaping is done with the
5885: .Sq \e
5886: character.
5887: .It Cm utf8
5888: Convert all strings to UTF8 format first, as required by RFC 2253.
5889: On a UTF8 compatible terminal,
5890: the use of this option (and not setting
5891: .Cm esc_msb )
5892: may result in the correct display of multibyte characters.
5893: Usually, multibyte characters larger than 0xff
5894: are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
5895: for 32 bits,
5896: and any UTF8Strings are converted to their character form first.
5897: .El
1.107 inoguchi 5898: .It Fl next_serial
5899: Print the next serial number.
1.1 jsing 5900: .It Fl noout
1.80 jmc 5901: Do not output the encoded version of the request.
1.1 jsing 5902: .It Fl ocsp_uri
1.80 jmc 5903: Print the OCSP responder addresses, if any.
1.1 jsing 5904: .It Fl ocspid
5905: Print OCSP hash values for the subject name and public key.
5906: .It Fl pubkey
1.80 jmc 5907: Print the public key.
1.1 jsing 5908: .It Fl serial
1.80 jmc 5909: Print the certificate serial number.
1.107 inoguchi 5910: .It Fl sigopt Ar nm:v
5911: Pass options to the signature algorithm during sign or certify operations.
5912: The names and values of these options are algorithm-specific.
1.1 jsing 5913: .It Fl startdate
1.80 jmc 5914: Print the start date of the certificate; that is, the
5915: .Cm notBefore
1.1 jsing 5916: date.
5917: .It Fl subject
1.80 jmc 5918: Print the subject name.
1.1 jsing 5919: .It Fl subject_hash
1.80 jmc 5920: Print the hash of the certificate subject name.
1.1 jsing 5921: This is used in
1.80 jmc 5922: .Nm openssl
1.1 jsing 5923: to form an index to allow certificates in a directory to be looked up
5924: by subject name.
5925: .It Fl subject_hash_old
1.80 jmc 5926: Print the hash of the certificate subject name
5927: using the older algorithm as used by
5928: .Nm openssl
1.1 jsing 5929: versions before 1.0.0.
5930: .It Fl text
1.80 jmc 5931: Print the full certificate in text form.
1.1 jsing 5932: .El
5933: .Pp
1.80 jmc 5934: A trusted certificate is a certificate which has several
1.1 jsing 5935: additional pieces of information attached to it such as the permitted
1.80 jmc 5936: and prohibited uses of the certificate and an alias.
5937: When a certificate is being verified at least one certificate must be trusted.
5938: By default, a trusted certificate must be stored locally and be a root CA.
5939: The following are x509 trust settings options:
1.1 jsing 5940: .Bl -tag -width "XXXX"
5941: .It Fl addreject Ar arg
1.80 jmc 5942: Add a prohibited use.
5943: Accepts the same values as the
1.1 jsing 5944: .Fl addtrust
5945: option.
5946: .It Fl addtrust Ar arg
1.80 jmc 5947: Add a trusted certificate use.
1.1 jsing 5948: Any object name can be used here, but currently only
1.80 jmc 5949: .Cm clientAuth
5950: (SSL client use),
5951: .Cm serverAuth
5952: (SSL server use),
5953: and
5954: .Cm emailProtection
5955: (S/MIME email) are used.
1.1 jsing 5956: .It Fl alias
1.80 jmc 5957: Output the certificate alias.
1.1 jsing 5958: .It Fl clrreject
1.80 jmc 5959: Clear all the prohibited or rejected uses of the certificate.
1.1 jsing 5960: .It Fl clrtrust
1.80 jmc 5961: Clear all the permitted or trusted uses of the certificate.
1.1 jsing 5962: .It Fl purpose
1.80 jmc 5963: Perform tests on the certificate extensions.
5964: The same code is used when verifying untrusted certificates in chains,
5965: so this section is useful if a chain is rejected by the verify code.
5966: .Pp
5967: The
5968: .Cm basicConstraints
5969: extension CA flag is used to determine whether the
5970: certificate can be used as a CA.
5971: If the CA flag is true, it is a CA;
5972: if the CA flag is false, it is not a CA.
5973: All CAs should have the CA flag set to true.
5974: .Pp
5975: If the
5976: .Cm basicConstraints
5977: extension is absent, then the certificate is
5978: considered to be a possible CA;
5979: other extensions are checked according to the intended use of the certificate.
5980: A warning is given in this case because the certificate should really not
5981: be regarded as a CA.
5982: However it is allowed to be a CA to work around some broken software.
5983: .Pp
5984: If the certificate is a V1 certificate
5985: (and thus has no extensions) and it is self-signed,
5986: it is also assumed to be a CA but a warning is again given.
5987: This is to work around the problem of Verisign roots
5988: which are V1 self-signed certificates.
5989: .Pp
5990: If the
5991: .Cm keyUsage
5992: extension is present, then additional restraints are
5993: made on the uses of the certificate.
5994: A CA certificate must have the
5995: .Cm keyCertSign
5996: bit set if the
5997: .Cm keyUsage
5998: extension is present.
5999: .Pp
6000: The extended key usage extension places additional restrictions on the
6001: certificate uses.
6002: If this extension is present, whether critical or not,
6003: the key can only be used for the purposes specified.
6004: .Pp
6005: A complete description of each test is given below.
6006: The comments about
6007: .Cm basicConstraints
6008: and
6009: .Cm keyUsage
6010: and V1 certificates above apply to all CA certificates.
6011: .Bl -tag -width "XXXX"
6012: .It SSL Client
6013: The extended key usage extension must be absent or include the
6014: web client authentication OID.
6015: .Cm keyUsage
6016: must be absent or it must have the
6017: .Cm digitalSignature
6018: bit set.
6019: The Netscape certificate type must be absent
6020: or it must have the SSL client bit set.
6021: .It SSL Client CA
6022: The extended key usage extension must be absent or include the
6023: web client authentication OID.
6024: The Netscape certificate type must be absent
6025: or it must have the SSL CA bit set:
6026: this is used as a workaround if the
6027: .Cm basicConstraints
6028: extension is absent.
6029: .It SSL Server
6030: The extended key usage extension must be absent or include the
6031: web server authentication and/or one of the SGC OIDs.
6032: .Cm keyUsage
6033: must be absent or it must have the
6034: .Cm digitalSignature
6035: set, the
6036: .Cm keyEncipherment
6037: set, or both bits set.
6038: The Netscape certificate type must be absent or have the SSL server bit set.
6039: .It SSL Server CA
6040: The extended key usage extension must be absent or include the
6041: web server authentication and/or one of the SGC OIDs.
6042: The Netscape certificate type must be absent or the SSL CA bit must be set:
6043: this is used as a workaround if the
6044: .Cm basicConstraints
6045: extension is absent.
6046: .It Netscape SSL Server
6047: For Netscape SSL clients to connect to an SSL server; it must have the
6048: .Cm keyEncipherment
6049: bit set if the
6050: .Cm keyUsage
6051: extension is present.
6052: This isn't always valid because some cipher suites use the key for
6053: digital signing.
6054: Otherwise it is the same as a normal SSL server.
6055: .It Common S/MIME Client Tests
6056: The extended key usage extension must be absent or include the
6057: email protection OID.
6058: The Netscape certificate type must be absent or should have the S/MIME bit set.
6059: If the S/MIME bit is not set in Netscape certificate type, then the SSL
6060: client bit is tolerated as an alternative but a warning is shown:
6061: this is because some Verisign certificates don't set the S/MIME bit.
6062: .It S/MIME Signing
6063: In addition to the common S/MIME client tests, the
6064: .Cm digitalSignature
6065: bit must be set if the
6066: .Cm keyUsage
6067: extension is present.
6068: .It S/MIME Encryption
6069: In addition to the common S/MIME tests, the
6070: .Cm keyEncipherment
6071: bit must be set if the
6072: .Cm keyUsage
6073: extension is present.
6074: .It S/MIME CA
6075: The extended key usage extension must be absent or include the
6076: email protection OID.
6077: The Netscape certificate type must be absent
6078: or must have the S/MIME CA bit set:
6079: this is used as a workaround if the
6080: .Cm basicConstraints
6081: extension is absent.
6082: .It CRL Signing
6083: The
6084: .Cm keyUsage
6085: extension must be absent or it must have the CRL signing bit set.
6086: .It CRL Signing CA
6087: The normal CA tests apply, except the
6088: .Cm basicConstraints
6089: extension must be present.
6090: .El
1.1 jsing 6091: .It Fl setalias Ar arg
1.80 jmc 6092: Set the alias of the certificate,
6093: allowing the certificate to be referred to using a nickname,
6094: such as
1.1 jsing 6095: .Qq Steve's Certificate .
6096: .It Fl trustout
1.80 jmc 6097: Output a trusted certificate
6098: (the default if any trust settings are modified).
1.1 jsing 6099: An ordinary or trusted certificate can be input, but by default an ordinary
6100: certificate is output and any trust settings are discarded.
6101: .El
1.80 jmc 6102: .Pp
1.1 jsing 6103: The
6104: .Nm x509
1.80 jmc 6105: utility can be used to sign certificates and requests:
6106: it can thus behave like a mini CA.
6107: The following are x509 signing options:
1.1 jsing 6108: .Bl -tag -width "XXXX"
6109: .It Fl CA Ar file
1.80 jmc 6110: The CA certificate to be used for signing.
1.1 jsing 6111: When this option is present,
6112: .Nm x509
1.80 jmc 6113: behaves like a mini CA.
1.1 jsing 6114: The input file is signed by the CA using this option;
6115: that is, its issuer name is set to the subject name of the CA and it is
6116: digitally signed using the CA's private key.
6117: .Pp
6118: This option is normally combined with the
6119: .Fl req
6120: option.
6121: Without the
6122: .Fl req
6123: option, the input is a certificate which must be self-signed.
6124: .It Fl CAcreateserial
1.80 jmc 6125: Create the CA serial number file if it does not exist
6126: instead of generating an error.
6127: The file will contain the serial number
1.1 jsing 6128: .Sq 02
6129: and the certificate being signed will have
6130: .Sq 1
6131: as its serial number.
1.80 jmc 6132: .It Fl CAform Cm der | pem
1.1 jsing 6133: The format of the CA certificate file.
6134: The default is
1.80 jmc 6135: .Cm pem .
1.1 jsing 6136: .It Fl CAkey Ar file
1.80 jmc 6137: Set the CA private key to sign a certificate with.
6138: Otherwise it is assumed that the CA private key is present
6139: in the CA certificate file.
6140: .It Fl CAkeyform Cm der | pem
1.1 jsing 6141: The format of the CA private key.
6142: The default is
1.80 jmc 6143: .Cm pem .
1.1 jsing 6144: .It Fl CAserial Ar file
1.80 jmc 6145: Use the serial number in
6146: .Ar file
6147: to sign a certificate.
6148: The file should consist of one line containing an even number of hex digits
1.1 jsing 6149: with the serial number to use.
6150: After each use the serial number is incremented and written out
6151: to the file again.
6152: .Pp
6153: The default filename consists of the CA certificate file base name with
6154: .Pa .srl
6155: appended.
6156: For example, if the CA certificate file is called
6157: .Pa mycacert.pem ,
6158: it expects to find a serial number file called
6159: .Pa mycacert.srl .
6160: .It Fl checkend Ar arg
6161: Check whether the certificate expires in the next
6162: .Ar arg
6163: seconds.
6164: If so, exit with return value 1;
6165: otherwise exit with return value 0.
6166: .It Fl clrext
6167: Delete any extensions from a certificate.
6168: This option is used when a certificate is being created from another
6169: certificate (for example with the
6170: .Fl signkey
6171: or the
6172: .Fl CA
6173: options).
6174: Normally, all extensions are retained.
6175: .It Fl days Ar arg
1.80 jmc 6176: The number of days to make a certificate valid for.
1.1 jsing 6177: The default is 30 days.
6178: .It Fl extensions Ar section
6179: The section to add certificate extensions from.
6180: If this option is not specified, the extensions should either be
1.80 jmc 6181: contained in the unnamed (default) section
6182: or the default section should contain a variable called
1.1 jsing 6183: .Qq extensions
6184: which contains the section to use.
6185: .It Fl extfile Ar file
6186: File containing certificate extensions to use.
6187: If not specified, no extensions are added to the certificate.
1.80 jmc 6188: .It Fl keyform Cm der | pem
6189: The format of the private key file used in the
1.1 jsing 6190: .Fl signkey
6191: option.
6192: .It Fl req
1.80 jmc 6193: Expect a certificate request on input instead of a certificate.
1.1 jsing 6194: .It Fl set_serial Ar n
1.80 jmc 6195: The serial number to use.
1.1 jsing 6196: This option can be used with either the
6197: .Fl signkey
6198: or
6199: .Fl CA
6200: options.
6201: If used in conjunction with the
6202: .Fl CA
6203: option, the serial number file (as specified by the
6204: .Fl CAserial
6205: or
6206: .Fl CAcreateserial
6207: options) is not used.
6208: .Pp
6209: The serial number can be decimal or hex (if preceded by
6210: .Sq 0x ) .
6211: Negative serial numbers can also be specified but their use is not recommended.
6212: .It Fl signkey Ar file
1.80 jmc 6213: Self-sign
6214: .Ar file
6215: using the supplied private key.
1.1 jsing 6216: .Pp
6217: If the input file is a certificate, it sets the issuer name to the
1.80 jmc 6218: subject name (i.e. makes it self-signed),
1.1 jsing 6219: changes the public key to the supplied value,
6220: and changes the start and end dates.
6221: The start date is set to the current time and the end date is set to
6222: a value determined by the
6223: .Fl days
6224: option.
6225: Any certificate extensions are retained unless the
6226: .Fl clrext
6227: option is supplied.
6228: .Pp
6229: If the input is a certificate request, a self-signed certificate
6230: is created using the supplied private key using the subject name in
6231: the request.
6232: .It Fl x509toreq
1.80 jmc 6233: Convert a certificate into a certificate request.
1.1 jsing 6234: The
6235: .Fl signkey
6236: option is used to pass the required private key.
6237: .El
1.38 jmc 6238: .Sh COMMON NOTATION
6239: Several commands share a common syntax,
6240: as detailed below.
6241: .Pp
6242: Password arguments, typically specified using
1.33 jmc 6243: .Fl passin
6244: and
6245: .Fl passout
1.38 jmc 6246: for input and output passwords,
6247: allow passwords to be obtained from a variety of sources.
6248: Both of these options take a single argument, described below.
1.33 jmc 6249: If no password argument is given and a password is required,
6250: then the user is prompted to enter one:
6251: this will typically be read from the current terminal with echoing turned off.
1.38 jmc 6252: .Bl -tag -width "pass:password" -offset indent
6253: .It Cm pass : Ns Ar password
1.33 jmc 6254: The actual password is
6255: .Ar password .
1.38 jmc 6256: Since the password is visible to utilities,
1.33 jmc 6257: this form should only be used where security is not important.
1.38 jmc 6258: .It Cm env : Ns Ar var
1.33 jmc 6259: Obtain the password from the environment variable
6260: .Ar var .
1.38 jmc 6261: Since the environment of other processes is visible,
6262: this option should be used with caution.
6263: .It Cm file : Ns Ar path
1.33 jmc 6264: The first line of
6265: .Ar path
6266: is the password.
6267: If the same
6268: .Ar path
6269: argument is supplied to
6270: .Fl passin
6271: and
6272: .Fl passout ,
6273: then the first line will be used for the input password and the next line
6274: for the output password.
6275: .Ar path
6276: need not refer to a regular file:
6277: it could, for example, refer to a device or named pipe.
1.38 jmc 6278: .It Cm fd : Ns Ar number
1.33 jmc 6279: Read the password from the file descriptor
6280: .Ar number .
1.38 jmc 6281: This can be used to send the data via a pipe, for example.
6282: .It Cm stdin
1.33 jmc 6283: Read the password from standard input.
1.35 jmc 6284: .El
1.38 jmc 6285: .Pp
1.64 jmc 6286: Input/output formats,
1.38 jmc 6287: typically specified using
6288: .Fl inform
6289: and
6290: .Fl outform ,
1.64 jmc 6291: indicate the format being read from or written to.
1.38 jmc 6292: The argument is case insensitive.
6293: .Pp
6294: .Bl -tag -width Ds -offset indent -compact
6295: .It Cm der
6296: Distinguished Encoding Rules (DER)
6297: is a binary format.
1.64 jmc 6298: .It Cm net
6299: Insecure legacy format.
1.38 jmc 6300: .It Cm pem
6301: Privacy Enhanced Mail (PEM)
6302: is base64-encoded.
1.108 inoguchi 6303: .It Cm pvk
6304: Private Key format.
1.70 jmc 6305: .It Cm smime
6306: An SMIME format message.
1.38 jmc 6307: .It Cm txt
6308: Plain ASCII text.
6309: .El
1.35 jmc 6310: .Sh ENVIRONMENT
6311: The following environment variables affect the execution of
6312: .Nm openssl :
1.38 jmc 6313: .Bl -tag -width "/etc/ssl/openssl.cnf"
1.35 jmc 6314: .It Ev OPENSSL_CONF
6315: The location of the master configuration file.
1.33 jmc 6316: .El
1.1 jsing 6317: .Sh FILES
6318: .Bl -tag -width "/etc/ssl/openssl.cnf" -compact
1.17 sobrado 6319: .It Pa /etc/ssl/
1.1 jsing 6320: Default config directory for
6321: .Nm openssl .
1.17 sobrado 6322: .It Pa /etc/ssl/lib/
1.1 jsing 6323: Unused.
1.17 sobrado 6324: .It Pa /etc/ssl/private/
1.1 jsing 6325: Default private key directory.
1.17 sobrado 6326: .It Pa /etc/ssl/openssl.cnf
1.1 jsing 6327: Default configuration file for
6328: .Nm openssl .
1.17 sobrado 6329: .It Pa /etc/ssl/x509v3.cnf
1.1 jsing 6330: Default configuration file for
6331: .Nm x509
6332: certificates.
6333: .El
6334: .Sh SEE ALSO
1.74 jmc 6335: .Xr acme-client 1 ,
1.26 jmc 6336: .Xr nc 1 ,
1.90 schwarze 6337: .Xr openssl.cnf 5 ,
6338: .Xr x509v3.cnf 5 ,
1.1 jsing 6339: .Xr ssl 8 ,
6340: .Xr starttls 8
6341: .Sh STANDARDS
6342: .Rs
6343: .%A T. Dierks
6344: .%A C. Allen
6345: .%D January 1999
6346: .%R RFC 2246
6347: .%T The TLS Protocol Version 1.0
6348: .Re
6349: .Pp
6350: .Rs
6351: .%A M. Wahl
6352: .%A S. Killie
6353: .%A T. Howes
6354: .%D December 1997
6355: .%R RFC 2253
6356: .%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
6357: .Re
6358: .Pp
6359: .Rs
6360: .%A B. Kaliski
6361: .%D March 1998
6362: .%R RFC 2315
6363: .%T PKCS #7: Cryptographic Message Syntax Version 1.5
6364: .Re
6365: .Pp
6366: .Rs
6367: .%A R. Housley
6368: .%A W. Ford
6369: .%A W. Polk
6370: .%A D. Solo
6371: .%D January 1999
6372: .%R RFC 2459
6373: .%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
6374: .Re
6375: .Pp
6376: .Rs
6377: .%A M. Myers
6378: .%A R. Ankney
6379: .%A A. Malpani
6380: .%A S. Galperin
6381: .%A C. Adams
6382: .%D June 1999
6383: .%R RFC 2560
6384: .%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
6385: .Re
6386: .Pp
6387: .Rs
6388: .%A R. Housley
6389: .%D June 1999
6390: .%R RFC 2630
6391: .%T Cryptographic Message Syntax
6392: .Re
6393: .Pp
6394: .Rs
6395: .%A P. Chown
6396: .%D June 2002
6397: .%R RFC 3268
1.24 jmc 6398: .%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
1.1 jsing 6399: .Re